From fdeea341ed1bae670382e45eb731db1b5838ad21 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 11 Mar 1998 21:11:04 +0000
Subject: "For I have laboured mightily on Luke's code, and hath broken all I
 saw" - the book of Jeremy, chapter 1 :-).

So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.

This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.

Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.

This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.

I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).

Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
---
 source3/rpc_server/srv_util.c | 477 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 477 insertions(+)
 create mode 100644 source3/rpc_server/srv_util.c

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
new file mode 100644
index 0000000000..7be259029a
--- /dev/null
+++ b/source3/rpc_server/srv_util.c
@@ -0,0 +1,477 @@
+
+/* 
+ *  Unix SMB/Netbios implementation.
+ *  Version 1.9.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell              1992-1998
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *  
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*  this module apparently provides an implementation of DCE/RPC over a
+ *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
+ *  documentation are available (in on-line form) from the X-Open group.
+ *
+ *  this module should provide a level of abstraction between SMB
+ *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
+ *  data copies, and network traffic.
+ *
+ *  in this version, which takes a "let's learn what's going on and
+ *  get something running" approach, there is additional network
+ *  traffic generated, but the code should be easier to understand...
+ *
+ *  ... if you read the docs.  or stare at packets for weeks on end.
+ *
+ */
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+
+/* array lookup of well-known RID aliases.  the purpose of these escapes me.. */
+/* XXXX this structure should not have the well-known RID groups added to it,
+   i.e the DOMAIN_GROUP_RID_ADMIN/USER/GUEST.  */
+rid_name domain_alias_rids[] = 
+{
+	{ DOMAIN_ALIAS_RID_ADMINS       , "admins" },
+	{ DOMAIN_ALIAS_RID_USERS        , "users" },
+	{ DOMAIN_ALIAS_RID_GUESTS       , "guests" },
+	{ DOMAIN_ALIAS_RID_POWER_USERS  , "power_users" },
+
+	{ DOMAIN_ALIAS_RID_ACCOUNT_OPS  , "account_ops" },
+	{ DOMAIN_ALIAS_RID_SYSTEM_OPS   , "system_ops" },
+	{ DOMAIN_ALIAS_RID_PRINT_OPS    , "print_ops" },
+	{ DOMAIN_ALIAS_RID_BACKUP_OPS   , "backup_ops" },
+	{ DOMAIN_ALIAS_RID_REPLICATOR   , "replicator" },
+	{ 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID groups. */
+rid_name domain_group_rids[] = 
+{
+	{ DOMAIN_GROUP_RID_ADMINS       , "domain admins" },
+	{ DOMAIN_GROUP_RID_USERS        , "domain users" },
+	{ DOMAIN_GROUP_RID_GUESTS       , "domain guests" },
+	{ 0                             , NULL }
+};
+
+
+
+int make_dom_gids(char *gids_str, DOM_GID *gids)
+{
+	char *ptr;
+	pstring s2;
+	int count;
+
+	DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+	if (gids_str == NULL || *gids_str == 0) return 0;
+
+	for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++) 
+	{
+		/* the entries are of the form GID/ATTR, ATTR being optional.*/
+		char *attr;
+		uint32 rid = 0;
+		int i;
+
+		attr = strchr(s2,'/');
+		if (attr) *attr++ = 0;
+		if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
+
+		/* look up the RID string and see if we can turn it into a rid number */
+		for (i = 0; domain_alias_rids[i].name != NULL; i++)
+		{
+			if (strequal(domain_alias_rids[i].name, s2))
+			{
+				rid = domain_alias_rids[i].rid;
+				break;
+			}
+		}
+
+		if (rid == 0) rid = atoi(s2);
+
+		if (rid == 0)
+		{
+			DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
+			          s2, attr));
+			count--;
+		}
+		else
+		{
+			gids[count].g_rid = rid;
+			gids[count].attr  = atoi(attr);
+
+			DEBUG(5,("group id: %d attr: %d\n",
+			          gids[count].g_rid,
+			          gids[count].attr));
+		}
+	}
+
+	return count;
+}
+
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+void get_domain_user_groups(char *domain_groups, char *user)
+{
+	pstring tmp;
+
+	if (domain_groups == NULL || user == NULL) return;
+
+	/* any additional groups this user is in.  e.g power users */
+	pstrcpy(domain_groups, lp_domain_groups());
+
+	/* can only be a user or a guest.  cannot be guest _and_ admin */
+	if (user_in_list(user, lp_domain_guest_users()))
+	{
+		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+		strcat(domain_groups, tmp);
+
+		DEBUG(3,("domain guest access %s granted\n", tmp));
+	}
+	else
+	{
+		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+		strcat(domain_groups, tmp);
+
+		DEBUG(3,("domain user access %s granted\n", tmp));
+
+		if (user_in_list(user, lp_domain_admin_users()))
+		{
+			sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+			strcat(domain_groups, tmp);
+
+			DEBUG(3,("domain admin access %s granted\n", tmp));
+		}
+	}
+}
+
+
+/*******************************************************************
+ turns a DCE/RPC request into a DCE/RPC reply
+
+ this is where the data really should be split up into an array of
+ headers and data sections.
+
+ ********************************************************************/
+BOOL create_rpc_reply(pipes_struct *p,
+				uint32 data_start, uint32 data_end)
+{
+	mem_buf_init(&(p->rhdr.data), 0);
+	mem_alloc_data(p->rhdr.data, 0x18);
+
+	p->rhdr.align = 4;
+	p->rhdr.io = False;
+
+	p->hdr_rr.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
+	p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
+
+	/* set up rpc header (fragmentation issues) */
+	if (data_start == 0)
+	{
+		p->hdr.flags = RPC_FLG_FIRST;
+	}
+	else
+	{
+		p->hdr.flags = 0;
+	}
+
+	if (p->hdr_rr.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
+	{
+		p->hdr.flags |= RPC_FLG_LAST;
+		p->hdr.frag_len = p->hdr_rr.alloc_hint + 0x18;
+	}
+	else
+	{
+		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
+	}
+
+	p->rhdr.data->offset.start = 0;
+	p->rhdr.data->offset.end   = 0x18;
+
+	/* store the header in the data stream */
+	p->rhdr.offset = 0;
+	smb_io_rpc_hdr   ("hdr", &(p->hdr   ), &(p->rhdr), 0);
+	smb_io_rpc_hdr_rr("rr" , &(p->hdr_rr), &(p->rhdr), 0);
+
+	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
+}
+
+
+/*******************************************************************
+ receives a netlogon pipe and responds.
+ ********************************************************************/
+static BOOL api_rpc_command(pipes_struct *p, 
+				char *rpc_name, struct api_struct *api_rpc_cmds,
+				prs_struct *data)
+{
+	int fn_num;
+	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_rr.opnum));
+
+	for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
+	{
+		if (api_rpc_cmds[fn_num].opnum == p->hdr_rr.opnum && api_rpc_cmds[fn_num].fn != NULL)
+		{
+			DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
+			break;
+		}
+	}
+
+	if (api_rpc_cmds[fn_num].name == NULL)
+	{
+		DEBUG(4, ("unknown\n"));
+		return False;
+	}
+
+	/* start off with 1024 bytes, and a large safety margin too */
+	mem_buf_init(&(p->rdata.data), SAFETY_MARGIN);
+	mem_alloc_data(p->rdata.data, 1024);
+
+	p->rdata.io = False;
+	p->rdata.align = 4;
+
+	p->rdata.data->offset.start = 0;
+	p->rdata.data->offset.end   = 0xffffffff;
+
+	/* do the actual command */
+	p->rdata.offset = 0; 
+	api_rpc_cmds[fn_num].fn(p->uid, data, &(p->rdata));
+
+	if (p->rdata.data == NULL || p->rdata.offset == 0)
+	{
+		mem_free_data(p->rdata.data);
+		return False;
+	}
+
+	mem_realloc_data(p->rdata.data, p->rdata.offset);
+
+    DEBUG(10,("called %s\n", rpc_name));
+
+	return True;
+}
+
+
+/*******************************************************************
+ receives a netlogon pipe and responds.
+ ********************************************************************/
+BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
+				prs_struct *data)
+{
+	if (data == NULL || data->data == NULL)
+	{
+		DEBUG(2,("%s: NULL data received\n", rpc_name));
+		return False;
+	}
+
+	/* read the rpc header */
+	smb_io_rpc_hdr_rr("", &(p->hdr_rr), data, 0);
+
+	/* interpret the command */
+	if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
+	{
+		return False;
+	}
+
+	/* create the rpc header */
+	if (!create_rpc_reply(p, 0, p->rdata.offset))
+	{
+		return False;
+	}
+
+	/* set up the data chain */
+	p->rhdr.data->offset.start = 0;
+	p->rhdr.data->offset.end   = p->rhdr.offset;
+	p->rhdr.data->next = p->rdata.data;
+
+	p->rdata.data->offset.start = p->rhdr.data->offset.end;
+	p->rdata.data->offset.end   = p->rhdr.data->offset.end + p->rdata.offset;
+	p->rdata.data->next = NULL;
+
+	return True;
+}
+
+extern rid_name domain_group_rids[];
+
+/*******************************************************************
+ lookup_group_name
+ ********************************************************************/
+uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_DOM_GRP;
+
+	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_group_rids[i].rid != 0)
+	{
+		fstrcpy(group_name, domain_group_rids[i].name);
+		return 0x0;
+	}
+
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+extern rid_name domain_alias_rids[];
+
+/*******************************************************************
+ lookup_alias_name
+ ********************************************************************/
+uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_WKN_GRP;
+
+	while (domain_alias_rids[i].rid != rid && domain_alias_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_alias_rids[i].rid != 0)
+	{
+		fstrcpy(alias_name, domain_alias_rids[i].name);
+		return 0x0;
+	}
+
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_user_name
+ ********************************************************************/
+uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+{
+	struct smb_passwd *smb_pass;
+	(*type) = SID_NAME_USER;
+
+	/* find the user account */
+	become_root(True);
+	smb_pass = get_smbpwd_entry(NULL, rid); /* lkclXXXX SHOULD use rid mapping here! */
+	unbecome_root(True);
+
+	if (smb_pass != NULL)
+	{
+		fstrcpy(user_name, smb_pass->smb_name);
+		return 0x0;
+	}
+
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_group_rid
+ ********************************************************************/
+uint32 lookup_group_rid(char *group_name, uint32 *rid)
+{
+	char *grp_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a group rid for the group name*/
+	{
+		i++;
+		(*rid) = domain_group_rids[i].rid;
+		grp_name = domain_group_rids[i].name;
+
+	} while (grp_name != NULL && !strequal(grp_name, group_name));
+
+	return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_alias_rid
+ ********************************************************************/
+uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
+{
+	char *als_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a alias rid for the alias name*/
+	{
+		i++;
+		(*rid) = domain_alias_rids[i].rid;
+		als_name = domain_alias_rids[i].name;
+
+	} while (als_name != NULL && !strequal(als_name, alias_name));
+
+	return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_user_rid
+ ********************************************************************/
+uint32 lookup_user_rid(char *user_name, uint32 *rid)
+{
+	struct smb_passwd *smb_pass;
+	(*rid) = 0;
+
+	/* find the user account */
+	become_root(True);
+	smb_pass = get_smbpwd_entry(user_name, 0);
+	unbecome_root(True);
+
+	if (smb_pass != NULL)
+	{
+		/* lkclXXXX SHOULD use name_to_rid() here! */
+		(*rid) = smb_pass->smb_userid;
+		return 0x0;
+	}
+
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ Group and User RID username mapping function
+ ********************************************************************/
+BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
+{
+    struct passwd *pw = Get_Pwnam(user_name, False);
+
+	if (u_rid == NULL || g_rid == NULL || user_name == NULL)
+	{
+		return False;
+	}
+
+    if (!pw)
+	{
+      DEBUG(1,("Username %s is invalid on this system\n", user_name));
+      return False;
+    }
+
+	if (user_in_list(user_name, lp_domain_guest_users()))
+	{
+		*u_rid = DOMAIN_USER_RID_GUEST;
+	}
+	else if (user_in_list(user_name, lp_domain_admin_users()))
+	{
+		*u_rid = DOMAIN_USER_RID_ADMIN;
+	}
+	else
+	{
+		/* turn the unix UID into a Domain RID.  this is what the posix
+		   sub-system does (adds 1000 to the uid) */
+		*u_rid = (uint32)(pw->pw_uid + 1000);
+	}
+
+	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
+	*g_rid = (uint32)(pw->pw_gid + 1000);
+
+	return True;
+}
-- 
cgit 


From e300c0346ff92035ff9568b55b34469193e29769 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 10 Apr 1998 18:21:16 +0000
Subject: includes.h: Moved HPUX undefine of SEMMSL to where it actually does
 something. ipc.c: Added Luke's debug statement. locking_slow.c: Added
 FTRUNCATE_NEEDS_ROOT code for broken systems that need it (not sure what
 these are yet).

membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
   Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
   carpel tunnel syndrome :-).

Jeremy.
(This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217)
---
 source3/rpc_server/srv_util.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 7be259029a..3f4d66eab2 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -173,13 +173,16 @@ void get_domain_user_groups(char *domain_groups, char *user)
 BOOL create_rpc_reply(pipes_struct *p,
 				uint32 data_start, uint32 data_end)
 {
+	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
+	          data_start, data_end, p->hdr_ba.bba.max_tsize));
+
 	mem_buf_init(&(p->rhdr.data), 0);
 	mem_alloc_data(p->rhdr.data, 0x18);
 
 	p->rhdr.align = 4;
 	p->rhdr.io = False;
 
-	p->hdr_rr.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
+	p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
 	p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
 
 	/* set up rpc header (fragmentation issues) */
@@ -192,10 +195,10 @@ BOOL create_rpc_reply(pipes_struct *p,
 		p->hdr.flags = 0;
 	}
 
-	if (p->hdr_rr.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
+	if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
 	{
 		p->hdr.flags |= RPC_FLG_LAST;
-		p->hdr.frag_len = p->hdr_rr.alloc_hint + 0x18;
+		p->hdr.frag_len = p->hdr_resp.alloc_hint + 0x18;
 	}
 	else
 	{
@@ -208,7 +211,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 	/* store the header in the data stream */
 	p->rhdr.offset = 0;
 	smb_io_rpc_hdr   ("hdr", &(p->hdr   ), &(p->rhdr), 0);
-	smb_io_rpc_hdr_rr("rr" , &(p->hdr_rr), &(p->rhdr), 0);
+	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
 
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
@@ -222,11 +225,11 @@ static BOOL api_rpc_command(pipes_struct *p,
 				prs_struct *data)
 {
 	int fn_num;
-	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_rr.opnum));
+	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
 
 	for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
 	{
-		if (api_rpc_cmds[fn_num].opnum == p->hdr_rr.opnum && api_rpc_cmds[fn_num].fn != NULL)
+		if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
 		{
 			DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
 			break;
@@ -280,7 +283,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 	}
 
 	/* read the rpc header */
-	smb_io_rpc_hdr_rr("", &(p->hdr_rr), data, 0);
+	smb_io_rpc_hdr_req("req", &(p->hdr_req), data, 0);
 
 	/* interpret the command */
 	if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
-- 
cgit 


From 2a53d6f7077de596265a3e73e79827392054142c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 14 Apr 1998 00:41:59 +0000
Subject: Modified interfaces to getting smb password entries from
 get_smbpwd_entry (now an internal function to smbpass.c) to a more UNIX-like
 :

getsmbpwnam() - get entry by name.
getsmbpwuid() - get entry by uid.

Changed the type returned by the smbpasswd enumeration
functions to be a void * so that people don't come to
depend on it being a FILE *.

These abstractions should make it much easier to
replace the smbpasswd file with a better backend
in future.

Other files changed are to match the above changes.

Jeremy.
(This used to be commit 1161cfb7f2b0d5a6d3e2b524a14a6f325ce70efb)
---
 source3/rpc_server/srv_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 3f4d66eab2..868cf3a4ac 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -367,7 +367,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 
 	/* find the user account */
 	become_root(True);
-	smb_pass = get_smbpwd_entry(NULL, rid); /* lkclXXXX SHOULD use rid mapping here! */
+	smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
@@ -427,7 +427,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 
 	/* find the user account */
 	become_root(True);
-	smb_pass = get_smbpwd_entry(user_name, 0);
+	smb_pass = getsmbpwnam(user_name);
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
-- 
cgit 


From 9189005f7f884123d29c8f27db73687b68c80bb9 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Fri, 24 Apr 1998 21:01:08 +0000
Subject: ABOUT time.  dce/rpc long packet format now works, server-side. turns
 out that [it can be deduced that] microsoft ignores the SMBreadX offset, and
 goes by the SMBreadX length only.  this makes for a lot simpler code, in both
 client and server. (This used to be commit
 a8b641c027c8cce179455ac1f6fd0322a8ab017d)

---
 source3/rpc_server/srv_util.c | 93 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 90 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 868cf3a4ac..90a811e490 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -61,6 +61,14 @@ rid_name domain_alias_rids[] =
 	{ 0                             , NULL }
 };
 
+/* array lookup of well-known Domain RID users. */
+rid_name domain_user_rids[] = 
+{
+	{ DOMAIN_USER_RID_ADMIN         , "Administrator" },
+	{ DOMAIN_USER_RID_GUEST         , "Guest" },
+	{ 0                             , NULL }
+};
+
 /* array lookup of well-known Domain RID groups. */
 rid_name domain_group_rids[] = 
 {
@@ -297,6 +305,9 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 		return False;
 	}
 
+	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
+	p->next_frag_start = p->hdr.frag_len; 
+	
 	/* set up the data chain */
 	p->rhdr.data->offset.start = 0;
 	p->rhdr.data->offset.end   = p->rhdr.offset;
@@ -319,6 +330,8 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 	int i = 0; 
 	(*type) = SID_NAME_DOM_GRP;
 
+	DEBUG(5,("lookup_group_name: rid: %d", rid));
+
 	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
 	{
 		i++;
@@ -327,9 +340,11 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 	if (domain_group_rids[i].rid != 0)
 	{
 		fstrcpy(group_name, domain_group_rids[i].name);
+		DEBUG(5,(" = %s\n", group_name));
 		return 0x0;
 	}
 
+	DEBUG(5,(" none mapped\n"));
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
@@ -343,6 +358,8 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 	int i = 0; 
 	(*type) = SID_NAME_WKN_GRP;
 
+	DEBUG(5,("lookup_alias_name: rid: %d", rid));
+
 	while (domain_alias_rids[i].rid != rid && domain_alias_rids[i].rid != 0)
 	{
 		i++;
@@ -351,9 +368,11 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 	if (domain_alias_rids[i].rid != 0)
 	{
 		fstrcpy(alias_name, domain_alias_rids[i].name);
+		DEBUG(5,(" = %s\n", alias_name));
 		return 0x0;
 	}
 
+	DEBUG(5,(" none mapped\n"));
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
@@ -363,9 +382,30 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 {
 	struct smb_passwd *smb_pass;
+	uint32 unix_uid;
+	int i = 0;
 	(*type) = SID_NAME_USER;
 
-	/* find the user account */
+	DEBUG(5,("lookup_user_name: rid: %d", rid));
+
+	/* look up the well-known domain user rids first */
+	while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_user_rids[i].rid != 0)
+	{
+		fstrcpy(user_name, domain_user_rids[i].name);
+		DEBUG(5,(" = %s\n", user_name));
+		return 0x0;
+	}
+
+	DEBUG(5,(" uid: %d", unix_uid));
+
+	unix_uid = uid_to_user_rid(rid);
+
+	/* ok, it's a user.  find the user account */
 	become_root(True);
 	smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
 	unbecome_root(True);
@@ -373,9 +413,11 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	if (smb_pass != NULL)
 	{
 		fstrcpy(user_name, smb_pass->smb_name);
+		DEBUG(5,(" = %s\n", user_name));
 		return 0x0;
 	}
 
+	DEBUG(5,(" none mapped\n"));
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
@@ -470,11 +512,56 @@ BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
 	{
 		/* turn the unix UID into a Domain RID.  this is what the posix
 		   sub-system does (adds 1000 to the uid) */
-		*u_rid = (uint32)(pw->pw_uid + 1000);
+		*u_rid = uid_to_user_rid(pw->pw_uid);
 	}
 
 	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
-	*g_rid = (uint32)(pw->pw_gid + 1000);
+	*g_rid = gid_to_group_rid(pw->pw_gid);
 
 	return True;
 }
+
+/*******************************************************************
+ XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
+ INSIDE smbpass.c
+
+ converts NT User RID to a UNIX uid.
+ ********************************************************************/
+uid_t user_rid_to_uid(uint32 u_rid)
+{
+	return (uid_t)(u_rid - 1000);
+}
+
+/*******************************************************************
+ XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
+ INSIDE smbpass.c
+
+ converts NT Group RID to a UNIX uid.
+ ********************************************************************/
+uid_t group_rid_to_uid(uint32 u_gid)
+{
+	return (uid_t)(u_gid - 1000);
+}
+
+/*******************************************************************
+ XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
+ INSIDE smbpass.c
+
+ converts UNIX uid to an NT User RID.
+ ********************************************************************/
+uint32 uid_to_user_rid(uint32 uid)
+{
+	return (uint32)(uid + 1000);
+}
+
+/*******************************************************************
+ XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
+ INSIDE smbpass.c
+
+ converts NT Group RID to a UNIX uid.
+ ********************************************************************/
+uint32 gid_to_group_rid(uint32 gid)
+{
+	return (uint32)(gid + 1000);
+}
+
-- 
cgit 


From f601e6e0484d77d2c43eab05f80bccf28c9055aa Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 5 May 1998 09:04:49 +0000
Subject: patches from jean francois: couple of minor bugs (This used to be
 commit 532b3956c66eda1b7e787b1c6906bcf574f66216)

---
 source3/rpc_server/srv_util.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 90a811e490..898269dc4a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -401,9 +401,8 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 		return 0x0;
 	}
 
-	DEBUG(5,(" uid: %d", unix_uid));
-
 	unix_uid = uid_to_user_rid(rid);
+	DEBUG(5,(" uid: %d", unix_uid));
 
 	/* ok, it's a user.  find the user account */
 	become_root(True);
-- 
cgit 


From d8d9f7723337c267a8740750fe19a6387cfbb1f6 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Thu, 7 May 1998 18:19:05 +0000
Subject: created "passdb.c" which is an interface point to (at present) either
 smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).

_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.

-DUSE_LDAP is unlikely to compile at the moment.
(This used to be commit 57b01ad4ffb14ebd600d4e66602b54ed987f6106)
---
 source3/rpc_server/srv_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 898269dc4a..a84dbb43ef 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -406,7 +406,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 
 	/* ok, it's a user.  find the user account */
 	become_root(True);
-	smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
+	smb_pass = getsampwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
@@ -468,7 +468,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 
 	/* find the user account */
 	become_root(True);
-	smb_pass = getsmbpwnam(user_name);
+	smb_pass = getsampwnam(user_name);
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
-- 
cgit 


From f004d84f683673b7cb167320e3e78a3fcefdfd07 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Mon, 11 May 1998 15:56:01 +0000
Subject: ldap back-end database development

Makefile:

	created PASSBD_OBJ group

includes.h:

	added #ifdef USE_LDAP to #include <ldap> headers

ldap.c:

	- renamed "_machine" to "_trust" everywhere.
	- added sam_passwd support routines
	- removed get_ldappwd_entry function: replaced with get_sampwd_entry
	- removed getldappwnam/uid: replaced with getsampwnam/uid
	- other messing about bits which are probably going to annoy the
	  hell out of jean-francois (sorry!)

mkproto.awk:

	- added stuff to wrap ldap.c protos with #ifdef USE_LDAP
	- added uid_t and gid_t return results to the prototype generation

passdb.c:

	- created getsam21pwent, add_sam21pwd_entry, mod_sam21pwd_entry.
	- modified getsampwnam/uid and created getsam21pwnam/rid functions
	  to replace the local get_smbpwd_entry() and get_ldappwd_entry()
	  functions, which jeremy didn't like anyway because they were
	  dual-purpose.
	- added utility routines which are or may be useful to all the
	  password database routines.

password.c:

	- renamed "machine_" to "trust_" everywhere.

smbpass.c:

	- removed get_smbpwd_entry function: replaced it with get_sampwd_entry
	  functions in passdb.c
	- moved code that decoded acct_ctrl into passdb.c
	- moved encode_acct_ctrl into passdb.c
	- removed getsmbpwnam/uid: replaced with getsampwnam/uid
	- renamed "machine_" to "trust_" everywhere.

smbpasswd.c:

	- renamed "machine_" to "trust_" everywhere.

util.c:

	- moved gethexpwd function into passdb.c

lib/rpc/server/srv_util.c:

	- moved user_rid_to_uid, group_rid_to_rid etc etc into passdb.c
(This used to be commit 673ab50c4c2c25db355d90efde3a6bfbb4d8369e)
---
 source3/rpc_server/srv_util.c | 164 ++++++++++--------------------------------
 1 file changed, 38 insertions(+), 126 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index a84dbb43ef..210a3f55e2 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,7 +79,6 @@ rid_name domain_group_rids[] =
 };
 
 
-
 int make_dom_gids(char *gids_str, DOM_GID *gids)
 {
 	char *ptr;
@@ -133,44 +132,6 @@ int make_dom_gids(char *gids_str, DOM_GID *gids)
 	return count;
 }
 
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
-{
-	pstring tmp;
-
-	if (domain_groups == NULL || user == NULL) return;
-
-	/* any additional groups this user is in.  e.g power users */
-	pstrcpy(domain_groups, lp_domain_groups());
-
-	/* can only be a user or a guest.  cannot be guest _and_ admin */
-	if (user_in_list(user, lp_domain_guest_users()))
-	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-		strcat(domain_groups, tmp);
-
-		DEBUG(3,("domain guest access %s granted\n", tmp));
-	}
-	else
-	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-		strcat(domain_groups, tmp);
-
-		DEBUG(3,("domain user access %s granted\n", tmp));
-
-		if (user_in_list(user, lp_domain_admin_users()))
-		{
-			sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-			strcat(domain_groups, tmp);
-
-			DEBUG(3,("domain admin access %s granted\n", tmp));
-		}
-	}
-}
-
-
 /*******************************************************************
  turns a DCE/RPC request into a DCE/RPC reply
 
@@ -320,7 +281,44 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 	return True;
 }
 
-extern rid_name domain_group_rids[];
+
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+void get_domain_user_groups(char *domain_groups, char *user)
+{
+	pstring tmp;
+
+	if (domain_groups == NULL || user == NULL) return;
+
+	/* any additional groups this user is in.  e.g power users */
+	pstrcpy(domain_groups, lp_domain_groups());
+
+	/* can only be a user or a guest.  cannot be guest _and_ admin */
+	if (user_in_list(user, lp_domain_guest_users()))
+	{
+		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+		strcat(domain_groups, tmp);
+
+		DEBUG(3,("domain guest access %s granted\n", tmp));
+	}
+	else
+	{
+		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+		strcat(domain_groups, tmp);
+
+		DEBUG(3,("domain user access %s granted\n", tmp));
+
+		if (user_in_list(user, lp_domain_admin_users()))
+		{
+			sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+			strcat(domain_groups, tmp);
+
+			DEBUG(3,("domain admin access %s granted\n", tmp));
+		}
+	}
+}
+
 
 /*******************************************************************
  lookup_group_name
@@ -348,8 +346,6 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
 
-extern rid_name domain_alias_rids[];
-
 /*******************************************************************
  lookup_alias_name
  ********************************************************************/
@@ -480,87 +476,3 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
-
-/*******************************************************************
- Group and User RID username mapping function
- ********************************************************************/
-BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
-{
-    struct passwd *pw = Get_Pwnam(user_name, False);
-
-	if (u_rid == NULL || g_rid == NULL || user_name == NULL)
-	{
-		return False;
-	}
-
-    if (!pw)
-	{
-      DEBUG(1,("Username %s is invalid on this system\n", user_name));
-      return False;
-    }
-
-	if (user_in_list(user_name, lp_domain_guest_users()))
-	{
-		*u_rid = DOMAIN_USER_RID_GUEST;
-	}
-	else if (user_in_list(user_name, lp_domain_admin_users()))
-	{
-		*u_rid = DOMAIN_USER_RID_ADMIN;
-	}
-	else
-	{
-		/* turn the unix UID into a Domain RID.  this is what the posix
-		   sub-system does (adds 1000 to the uid) */
-		*u_rid = uid_to_user_rid(pw->pw_uid);
-	}
-
-	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
-	*g_rid = gid_to_group_rid(pw->pw_gid);
-
-	return True;
-}
-
-/*******************************************************************
- XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
- INSIDE smbpass.c
-
- converts NT User RID to a UNIX uid.
- ********************************************************************/
-uid_t user_rid_to_uid(uint32 u_rid)
-{
-	return (uid_t)(u_rid - 1000);
-}
-
-/*******************************************************************
- XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
- INSIDE smbpass.c
-
- converts NT Group RID to a UNIX uid.
- ********************************************************************/
-uid_t group_rid_to_uid(uint32 u_gid)
-{
-	return (uid_t)(u_gid - 1000);
-}
-
-/*******************************************************************
- XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
- INSIDE smbpass.c
-
- converts UNIX uid to an NT User RID.
- ********************************************************************/
-uint32 uid_to_user_rid(uint32 uid)
-{
-	return (uint32)(uid + 1000);
-}
-
-/*******************************************************************
- XXXX THIS FUNCTION SHOULD NOT BE HERE: IT SHOULD BE A STATIC FUNCTION
- INSIDE smbpass.c
-
- converts NT Group RID to a UNIX uid.
- ********************************************************************/
-uint32 gid_to_group_rid(uint32 gid)
-{
-	return (uint32)(gid + 1000);
-}
-
-- 
cgit 


From f888868f46a5418bac9ab528497136c152895305 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 12 May 1998 00:55:32 +0000
Subject: This is a security audit change of the main source. It removed all
 ocurrences of the following functions :

sprintf
strcpy
strcat

The replacements are slprintf, safe_strcpy and safe_strcat.

It should not be possible to use code in Samba that uses
sprintf, strcpy or strcat, only the safe_equivalents.

Once Andrew has fixed the slprintf implementation then
this code will be moved back to the 1.9.18 code stream.

Jeremy.
(This used to be commit 2d774454005f0b54e5684cf618da7060594dfcbb)
---
 source3/rpc_server/srv_util.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 210a3f55e2..e842e3b9f9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -297,22 +297,22 @@ void get_domain_user_groups(char *domain_groups, char *user)
 	/* can only be a user or a guest.  cannot be guest _and_ admin */
 	if (user_in_list(user, lp_domain_guest_users()))
 	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-		strcat(domain_groups, tmp);
+		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+		pstrcat(domain_groups, tmp);
 
 		DEBUG(3,("domain guest access %s granted\n", tmp));
 	}
 	else
 	{
-		sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-		strcat(domain_groups, tmp);
+		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+		pstrcat(domain_groups, tmp);
 
 		DEBUG(3,("domain user access %s granted\n", tmp));
 
 		if (user_in_list(user, lp_domain_admin_users()))
 		{
-			sprintf(tmp, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-			strcat(domain_groups, tmp);
+			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+			pstrcat(domain_groups, tmp);
 
 			DEBUG(3,("domain admin access %s granted\n", tmp));
 		}
-- 
cgit 


From a4276507e43487f47445eab11d4ac1b080b3270e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 14 May 1998 01:30:40 +0000
Subject: chgpasswd.c: Added comments to #ifdefs ipc.c: Caused samba password
 changing not to be done if UNIX password        changing requested and not
 successful. util.c: Added string_to_sid() and sid_to_string() functions.
 lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h:
 lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c:
 lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c:
 lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c:
 lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c:
 lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as
 char *, they are converted to DOM_SID at the earliest opportunity, and passed
 around as that. Also added dynamic memory allocation of group sids. Preparing
 to auto-generate machine sid. Jeremy. (This used to be commit
 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)

---
 source3/rpc_server/srv_util.c | 117 ++++++++++++++++++++++++------------------
 1 file changed, 67 insertions(+), 50 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index e842e3b9f9..204a9eac8e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,57 +79,74 @@ rid_name domain_group_rids[] =
 };
 
 
-int make_dom_gids(char *gids_str, DOM_GID *gids)
+int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 {
-	char *ptr;
-	pstring s2;
-	int count;
-
-	DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-	if (gids_str == NULL || *gids_str == 0) return 0;
-
-	for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++) 
-	{
-		/* the entries are of the form GID/ATTR, ATTR being optional.*/
-		char *attr;
-		uint32 rid = 0;
-		int i;
-
-		attr = strchr(s2,'/');
-		if (attr) *attr++ = 0;
-		if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
-
-		/* look up the RID string and see if we can turn it into a rid number */
-		for (i = 0; domain_alias_rids[i].name != NULL; i++)
-		{
-			if (strequal(domain_alias_rids[i].name, s2))
-			{
-				rid = domain_alias_rids[i].rid;
-				break;
-			}
-		}
-
-		if (rid == 0) rid = atoi(s2);
-
-		if (rid == 0)
-		{
-			DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
-			          s2, attr));
-			count--;
-		}
-		else
-		{
-			gids[count].g_rid = rid;
-			gids[count].attr  = atoi(attr);
-
-			DEBUG(5,("group id: %d attr: %d\n",
-			          gids[count].g_rid,
-			          gids[count].attr));
-		}
-	}
-
-	return count;
+  char *ptr;
+  pstring s2;
+  int count;
+  DOM_GID *gids;
+
+  *ppgids = NULL;
+
+  DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+  if (gids_str == NULL || *gids_str == 0)
+    return 0;
+
+  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+    ;
+
+  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+  if(!gids)
+  {
+    DEBUG(0,("make_dom_gids: malloc fail !\n"));
+    return 0;
+  }
+
+  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && 
+                       count < LSA_MAX_GROUPS; count++) 
+  {
+    /* the entries are of the form GID/ATTR, ATTR being optional.*/
+    char *attr;
+    uint32 rid = 0;
+    int i;
+
+    attr = strchr(s2,'/');
+    if (attr)
+      *attr++ = 0;
+
+    if (!attr || !*attr)
+      attr = "7"; /* default value for attribute is 7 */
+
+    /* look up the RID string and see if we can turn it into a rid number */
+    for (i = 0; domain_alias_rids[i].name != NULL; i++)
+    {
+      if (strequal(domain_alias_rids[i].name, s2))
+      {
+        rid = domain_alias_rids[i].rid;
+        break;
+      }
+    }
+
+    if (rid == 0)
+      rid = atoi(s2);
+
+    if (rid == 0)
+    {
+      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
+      count--;
+    }
+    else
+    {
+      gids[count].g_rid = rid;
+      gids[count].attr  = atoi(attr);
+
+      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
+    }
+  }
+
+  *ppgids = gids;
+  return count;
 }
 
 /*******************************************************************
-- 
cgit 


From 39f3c0c25a289b0b255e104a0a0aaade557c84f4 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Mon, 18 May 1998 12:27:04 +0000
Subject: - renamed some of the passdb.c functions: they have a prefix pdb_ on
 them

- split smbpass.c "password file lock" routines into smbpassfile.c: moved
  trust account routines into smbpassfile.c as well
(This used to be commit 3e48b4eb113cc5e1c6794d7ac699fd9ac47c654a)
---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 204a9eac8e..632c508343 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -414,7 +414,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 		return 0x0;
 	}
 
-	unix_uid = uid_to_user_rid(rid);
+	unix_uid = pdb_uid_to_user_rid(rid);
 	DEBUG(5,(" uid: %d", unix_uid));
 
 	/* ok, it's a user.  find the user account */
-- 
cgit 


From ffab54750f0eec202895670dd9293ee4aa3eb475 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 18 May 1998 21:30:57 +0000
Subject: chgpasswd.c: Changed back to getsmb... from getsam... ldap.c: Stoped
 dummy_function being prototyped. loadparm.c: Fixed slprintf sizes.
 nisppass.c: Fixed safe_strcpy sizes. nmbd_processlogon.c: Changed back to
 getsmb... from getsam... nttrans.c: Just a dump of new code. passdb.c: Moved
 stuff around a lot - stopped any lookups by rid. This           needs to be
 indirected through a function table (soon). password.c: Changed back to
 getsmb... from getsam... reply.c: Changed back to getsmb... from getsam...
 slprintf.c: Fixed prototype problems. smb.h: Fixed prototype problems.
 smbpass.c: Changed to getsmbfile.... smbpasswd.c: Changed back to getsmb...
 from getsam... lib/rpc/server/srv_netlog.c: Changed back to getsmb... from
 getsam... lib/rpc/server/srv_samr.c: Fixed rid lookup - use uid or gid
 lookup. lib/rpc/server/srv_util.c: Changed back to getsmb... from getsam...
 Jeremy. (This used to be commit 7d332b2493d2089d09521250fc9b72d8953307c0)

---
 source3/rpc_server/srv_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 632c508343..15c06d18bd 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -419,7 +419,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 
 	/* ok, it's a user.  find the user account */
 	become_root(True);
-	smb_pass = getsampwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
+	smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
@@ -481,7 +481,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 
 	/* find the user account */
 	become_root(True);
-	smb_pass = getsampwnam(user_name);
+	smb_pass = getsmbpwnam(user_name);
 	unbecome_root(True);
 
 	if (smb_pass != NULL)
-- 
cgit 


From 0a36b8d8a959c18c670a7e41e3f5a728f3ea88c3 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 19 May 1998 17:48:40 +0000
Subject: ldap.c :

	- added support for some of the new passdb_ops functions.

	- removed functions that are supported "indirectly" through passdb.c

nisppass.c :

	- modified make_nisname_from_xxx() functions to take a "file" arg.

	- turned getnisp21pwuid() into getnisp21pwrid().  getnisp21pwuid()
	  functionality is available through "indirect" support in passdb.c

	- removed functions that are supported "indirectly" through passdb.c

	- added support for some of the new passdb_ops functions.

passdb.c :

	- created getsam21pwrid() function to go alongside getsam21pwuid.
	  it is not expected that getsam21pwuid ever be used, certainly
	  not from the lib/rpc code.

	- created getsamdisprid() and getsamdispent().  these are primarily
	  for support of SamrQueryDisplayInfo, however given that they
	  [struct sam_disp_info] return username, rid and fullname, there may
	  be further instances where these functions will be useful.

	- added support where either the get/add/mod-smb or get/add/mod-sam21
	  functions are optional.  this can be done very easily by checking
	  whether the struct passdb_ops table functions are NULL or not.

	  documented this capability in the notes at the top of the module.

	- where unix uid was referenced, use uid_t.

	- where unix gid was referenced, use gid_t.

smb.h :

	- added sam_disp_info functions to passdb_ops.

	- added getsam21pwrid() function.

smbpass.c :

	- added reference to iterate_getsam21pwrid().

lib/rpc/server/srv_samr.c :

	- removed group rid code added to get_user_info_21() code: this
	  had been added in the wrong place.  the client / server should
	  already know whether it wants to do a lookup by user rid or
	  by group rid.

	  the test of whether the rid is a user or group rid has been left
	  in because this may become useful consistency-check code.

	- converted back to getsam21pwrid() not
	  getsam21pwuid(pdb_user_rid_to_uid()).

	  this is because the unix uid to user rid mapping can be non-monotonic
	  in some password database systems, and monotonic in others.  imposing
	  the restriction by converting immediately from rid to uid at this
	  point is inadviseable, and will place this potential restriction on
	  _all_ password database systems, not just some which, for whatever
	  reason, do not support user rids.

	  it should be up to the individual password database writer to
	  convert from user rid to unix uid, should that module not support
	  rids.

lib/rpc/server/srv_util.c :

	- got lookup_user_name() to call getsamdisprid() not getsmbpwuid().
	  a bug was introduced (or at least the bug already there was not
	  fixed) whereby the nt user rid was converted to a unix uid, and
	  then not used.
(This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)
---
 source3/rpc_server/srv_util.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 15c06d18bd..fca37db717 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -394,8 +394,7 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
  ********************************************************************/
 uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 {
-	struct smb_passwd *smb_pass;
-	uint32 unix_uid;
+	struct sam_disp_info *disp_info;
 	int i = 0;
 	(*type) = SID_NAME_USER;
 
@@ -414,17 +413,14 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 		return 0x0;
 	}
 
-	unix_uid = pdb_uid_to_user_rid(rid);
-	DEBUG(5,(" uid: %d", unix_uid));
-
 	/* ok, it's a user.  find the user account */
 	become_root(True);
-	smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
+	disp_info = getsamdisprid(rid);
 	unbecome_root(True);
 
-	if (smb_pass != NULL)
+	if (disp_info != NULL)
 	{
-		fstrcpy(user_name, smb_pass->smb_name);
+		fstrcpy(user_name, disp_info->smb_name);
 		DEBUG(5,(" = %s\n", user_name));
 		return 0x0;
 	}
-- 
cgit 


From 59e2992139774762456826f6667e73f2b39828d8 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Thu, 4 Jun 1998 15:24:20 +0000
Subject: added "domain admin group" and "domain guest group" parameters.  this
 is because "domain admin users" and "domain guest users" was overloaded.

incorrectly.
(This used to be commit 04b824007263ac4879c7282a2d230deaac7d2c7b)
---
 source3/rpc_server/srv_util.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index fca37db717..64f2e7a0d9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -312,26 +312,26 @@ void get_domain_user_groups(char *domain_groups, char *user)
 	pstrcpy(domain_groups, lp_domain_groups());
 
 	/* can only be a user or a guest.  cannot be guest _and_ admin */
-	if (user_in_list(user, lp_domain_guest_users()))
+	if (user_in_list(user, lp_domain_guest_group()))
 	{
 		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
 		pstrcat(domain_groups, tmp);
 
-		DEBUG(3,("domain guest access %s granted\n", tmp));
+		DEBUG(3,("domain guest group access %s granted\n", tmp));
 	}
 	else
 	{
 		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
 		pstrcat(domain_groups, tmp);
 
-		DEBUG(3,("domain user access %s granted\n", tmp));
+		DEBUG(3,("domain group access %s granted\n", tmp));
 
-		if (user_in_list(user, lp_domain_admin_users()))
+		if (user_in_list(user, lp_domain_admin_group()))
 		{
 			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
 			pstrcat(domain_groups, tmp);
 
-			DEBUG(3,("domain admin access %s granted\n", tmp));
+			DEBUG(3,("domain admin group access %s granted\n", tmp));
 		}
 	}
 }
-- 
cgit 


From e85295d9241bcdad3723898ab8ad88d8f11d5f28 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 9 Jun 1998 02:26:26 +0000
Subject: loadparm.c: Removed 'domain other sids' parameter.
 lib/rpc/include/rpc_lsa.h: Changed #defines for RPC calls - moved some, made
 LSA_LOOKUPNAMES correct. lib/rpc/include/rpc_misc.h: Changed DOMAIN_ALIAS_xxx
 to BUILTIN_ALIAS_xxx.                             Changed bitmasks for uid to
 rid to be 1 bit. lib/rpc/parse/parse_misc.c: Changed make_unistr2 to put
 length as given, max length as one more. lib/rpc/server/srv_netlog.c: Removed
 'domain other sids' parameter. lib/rpc/server/srv_samr.c: Changed
 DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. lib/rpc/server/srv_util.c: Changed
 DOMAIN_ALIAS_xxx to BUILTIN_ALIAS_xxx. Jeremy. (This used to be commit
 34c91840a3d8c252715dc2f749b7a3b171a5b74f)

---
 source3/rpc_server/srv_util.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 64f2e7a0d9..1ccd14c813 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -48,16 +48,16 @@ extern int DEBUGLEVEL;
    i.e the DOMAIN_GROUP_RID_ADMIN/USER/GUEST.  */
 rid_name domain_alias_rids[] = 
 {
-	{ DOMAIN_ALIAS_RID_ADMINS       , "admins" },
-	{ DOMAIN_ALIAS_RID_USERS        , "users" },
-	{ DOMAIN_ALIAS_RID_GUESTS       , "guests" },
-	{ DOMAIN_ALIAS_RID_POWER_USERS  , "power_users" },
-
-	{ DOMAIN_ALIAS_RID_ACCOUNT_OPS  , "account_ops" },
-	{ DOMAIN_ALIAS_RID_SYSTEM_OPS   , "system_ops" },
-	{ DOMAIN_ALIAS_RID_PRINT_OPS    , "print_ops" },
-	{ DOMAIN_ALIAS_RID_BACKUP_OPS   , "backup_ops" },
-	{ DOMAIN_ALIAS_RID_REPLICATOR   , "replicator" },
+	{ BUILTIN_ALIAS_RID_ADMINS       , "admins" },
+	{ BUILTIN_ALIAS_RID_USERS        , "users" },
+	{ BUILTIN_ALIAS_RID_GUESTS       , "guests" },
+	{ BUILTIN_ALIAS_RID_POWER_USERS  , "power_users" },
+
+	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "account_ops" },
+	{ BUILTIN_ALIAS_RID_SYSTEM_OPS   , "system_ops" },
+	{ BUILTIN_ALIAS_RID_PRINT_OPS    , "print_ops" },
+	{ BUILTIN_ALIAS_RID_BACKUP_OPS   , "backup_ops" },
+	{ BUILTIN_ALIAS_RID_REPLICATOR   , "replicator" },
 	{ 0                             , NULL }
 };
 
-- 
cgit 


From 9a735eb7e25d8bf6c5be7775d89436034ea6be8a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 12 Jun 1998 03:08:23 +0000
Subject: ipc.c: map_username is now a BOOL function. reply.c: map_username is
 now a BOOL function. server.c: Added capability to do map_username on service
 names           when looking for a home directory. That's what the          
 original code would do. lib/rpc/server/srv_util.c: Changed domain_ to
 builtin_ for                            BUILTIN aliases. username.c: Work in
 progress on groupname map parameter. Jeremy (This used to be commit
 fa95fae5eed95aff64f0a01825477610a101bbc7)

---
 source3/rpc_server/srv_util.c | 52 ++++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 25 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 1ccd14c813..e05a964c9f 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -43,21 +43,23 @@
 
 extern int DEBUGLEVEL;
 
-/* array lookup of well-known RID aliases.  the purpose of these escapes me.. */
-/* XXXX this structure should not have the well-known RID groups added to it,
-   i.e the DOMAIN_GROUP_RID_ADMIN/USER/GUEST.  */
-rid_name domain_alias_rids[] = 
+/*
+ * A list of the rids of well known BUILTIN and Domain users
+ * and groups.
+ */
+
+rid_name builtin_alias_rids[] = 
 {
-	{ BUILTIN_ALIAS_RID_ADMINS       , "admins" },
-	{ BUILTIN_ALIAS_RID_USERS        , "users" },
-	{ BUILTIN_ALIAS_RID_GUESTS       , "guests" },
-	{ BUILTIN_ALIAS_RID_POWER_USERS  , "power_users" },
-
-	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "account_ops" },
-	{ BUILTIN_ALIAS_RID_SYSTEM_OPS   , "system_ops" },
-	{ BUILTIN_ALIAS_RID_PRINT_OPS    , "print_ops" },
-	{ BUILTIN_ALIAS_RID_BACKUP_OPS   , "backup_ops" },
-	{ BUILTIN_ALIAS_RID_REPLICATOR   , "replicator" },
+	{ BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+	{ BUILTIN_ALIAS_RID_USERS        , "Users" },
+	{ BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+	{ BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+
+	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+	{ BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+	{ BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+	{ BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+	{ BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
 	{ 0                             , NULL }
 };
 
@@ -72,9 +74,9 @@ rid_name domain_user_rids[] =
 /* array lookup of well-known Domain RID groups. */
 rid_name domain_group_rids[] = 
 {
-	{ DOMAIN_GROUP_RID_ADMINS       , "domain admins" },
-	{ DOMAIN_GROUP_RID_USERS        , "domain users" },
-	{ DOMAIN_GROUP_RID_GUESTS       , "domain guests" },
+	{ DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+	{ DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+	{ DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
 	{ 0                             , NULL }
 };
 
@@ -119,11 +121,11 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
       attr = "7"; /* default value for attribute is 7 */
 
     /* look up the RID string and see if we can turn it into a rid number */
-    for (i = 0; domain_alias_rids[i].name != NULL; i++)
+    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
     {
-      if (strequal(domain_alias_rids[i].name, s2))
+      if (strequal(builtin_alias_rids[i].name, s2))
       {
-        rid = domain_alias_rids[i].rid;
+        rid = builtin_alias_rids[i].rid;
         break;
       }
     }
@@ -373,14 +375,14 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 
 	DEBUG(5,("lookup_alias_name: rid: %d", rid));
 
-	while (domain_alias_rids[i].rid != rid && domain_alias_rids[i].rid != 0)
+	while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
 	{
 		i++;
 	}
 
-	if (domain_alias_rids[i].rid != 0)
+	if (builtin_alias_rids[i].rid != 0)
 	{
-		fstrcpy(alias_name, domain_alias_rids[i].name);
+		fstrcpy(alias_name, builtin_alias_rids[i].name);
 		DEBUG(5,(" = %s\n", alias_name));
 		return 0x0;
 	}
@@ -459,8 +461,8 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
 	do /* find, if it exists, a alias rid for the alias name*/
 	{
 		i++;
-		(*rid) = domain_alias_rids[i].rid;
-		als_name = domain_alias_rids[i].name;
+		(*rid) = builtin_alias_rids[i].rid;
+		als_name = builtin_alias_rids[i].name;
 
 	} while (als_name != NULL && !strequal(als_name, alias_name));
 
-- 
cgit 


From 5b5eb35c91ec400a25f6e6cf3eec421bd9560d50 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 13 Jun 1998 03:04:00 +0000
Subject: Makefile: Added ubi_sLinkList.o as the groupname.o file needs it.
 Added groupname.o includes.h: Added ubi_sLinkList.h include. loadparm.c:
 Added groupname map parameter. password.c: Fix HPUX big_crypt. username.c:
 New user_in_list() code. Moved groupname map code to groupname.c
 lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name().

New groupname map stuff. Note that nothing currently uses this but at
compiles ok.

Jeremy.
(This used to be commit beef636a4d772457816ef068c62ea965d07131f6)
---
 source3/rpc_server/srv_util.c | 87 +++++++++++++++++++++++++++++++------------
 1 file changed, 63 insertions(+), 24 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index e05a964c9f..c316661146 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -42,44 +42,83 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
+extern DOM_SID global_machine_sid;
 
 /*
  * A list of the rids of well known BUILTIN and Domain users
  * and groups.
  */
 
-rid_name builtin_alias_rids[] = 
-{
-	{ BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
-	{ BUILTIN_ALIAS_RID_USERS        , "Users" },
-	{ BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
-	{ BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
-
-	{ BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
-	{ BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
-	{ BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
-	{ BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
-	{ BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
-	{ 0                             , NULL }
+rid_name builtin_alias_rids[] =
+{  
+    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+    { BUILTIN_ALIAS_RID_USERS        , "Users" },
+    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+   
+    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
+    { 0                             , NULL }
 };
 
 /* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] = 
-{
-	{ DOMAIN_USER_RID_ADMIN         , "Administrator" },
-	{ DOMAIN_USER_RID_GUEST         , "Guest" },
-	{ 0                             , NULL }
+rid_name domain_user_rids[] =
+{  
+    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
+    { DOMAIN_USER_RID_GUEST         , "Guest" },
+    { 0                             , NULL }
 };
 
 /* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] = 
-{
-	{ DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
-	{ DOMAIN_GROUP_RID_USERS        , "Domain Users" },
-	{ DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
-	{ 0                             , NULL }
+rid_name domain_group_rids[] =
+{  
+    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
+    { 0                             , NULL }
 };
 
+/**************************************************************************
+ Check if a name matches any of the well known SID values.
+***************************************************************************/
+
+BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
+{
+  rid_name *rnp;
+  int i;
+
+  for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
+    rnp = &builtin_alias_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      string_to_sid( psid, "S-1-5-32" );
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
+    rnp = &domain_user_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      *psid = global_machine_sid;
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
+    rnp = &domain_group_rids[i];
+    if(strequal(rnp->name, windows_name)) {
+      *psid = global_machine_sid;
+      psid->sub_auths[psid->num_auths++] = rnp->rid;
+      return True;
+    }
+  }
+
+  return False;
+}
 
 int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 {
-- 
cgit 


From 3f3f47b0bd8d089120d267cfad1976db95cd8ebe Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 22 Aug 1998 02:54:21 +0000
Subject: added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberally
 in the rpc code. (This used to be commit
 e6ce1c5b5a9f29d8fcbbd23019186ff5c600e795)

---
 source3/rpc_server/srv_util.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index c316661146..80e10a3d3a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -94,6 +94,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &builtin_alias_rids[i];
     if(strequal(rnp->name, windows_name)) {
       string_to_sid( psid, "S-1-5-32" );
+      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
@@ -103,6 +104,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &domain_user_rids[i];
     if(strequal(rnp->name, windows_name)) {
       *psid = global_machine_sid;
+      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
@@ -112,6 +114,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &domain_group_rids[i];
     if(strequal(rnp->name, windows_name)) {
       *psid = global_machine_sid;
+      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
-- 
cgit 


From 8afc9c80ac11649f06e5517d819dbf201c941acb Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 24 Aug 1998 21:49:10 +0000
Subject: Changed ASSERT macros to SMB_ASSERT macros as some systems already
 have an ASSERT macro defined. Jeremy. (This used to be commit
 dbe6ad014a8b5dcbf17d7cd9865650c2e040d666)

---
 source3/rpc_server/srv_util.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 80e10a3d3a..6c47db04bf 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -94,7 +94,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &builtin_alias_rids[i];
     if(strequal(rnp->name, windows_name)) {
       string_to_sid( psid, "S-1-5-32" );
-      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
+      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
@@ -104,7 +104,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &domain_user_rids[i];
     if(strequal(rnp->name, windows_name)) {
       *psid = global_machine_sid;
-      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
+      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
@@ -114,7 +114,7 @@ BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
     rnp = &domain_group_rids[i];
     if(strequal(rnp->name, windows_name)) {
       *psid = global_machine_sid;
-      ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
+      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
       psid->sub_auths[psid->num_auths++] = rnp->rid;
       return True;
     }
-- 
cgit 


From 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 31 Aug 1998 03:11:42 +0000
Subject: bounds check next_token() to prevent possible buffer overflows (This
 used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)

---
 source3/rpc_server/srv_util.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 6c47db04bf..0a7728aa3a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
   if (gids_str == NULL || *gids_str == 0)
     return 0;
 
-  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)); 
+       count++)
     ;
 
   gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
@@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
     return 0;
   }
 
-  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && 
-                       count < LSA_MAX_GROUPS; count++) 
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)) && 
+	       count < LSA_MAX_GROUPS; 
+       count++) 
   {
     /* the entries are of the form GID/ATTR, ATTR being optional.*/
     char *attr;
-- 
cgit 


From e9ea36e4d2270bd7d32da12ef6d6e2299641582d Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 5 Sep 1998 05:07:05 +0000
Subject: tridge the destroyer returns!

prompted by the interpret_security() dead code that Jean-Francois
pointed out I added a make target "finddead" that finds potentially
dead (ie. unused) code. It spat out 304 function names ...

I went through these are deleted many of them, making others static
(finddead also reports functions that are used only in the local
file).

in doing this I have almost certainly deleted some useful code. I may
have even prevented compilation with some compile options. I
apologise. I decided it was better to get rid of this code now and add
back the one or two functions that are needed than to keep all this
baggage.

So, if I have done a bit too much "destroying" then let me know. Keep
the swearing to a minimum :)

One bit I didn't do is the ubibt code. Chris, can you look at that?
Heaps of unused functions there. Can they be made static?
(This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
---
 source3/rpc_server/srv_util.c | 42 ------------------------------------------
 1 file changed, 42 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 0a7728aa3a..68a4f79f0b 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -81,48 +81,6 @@ rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-/**************************************************************************
- Check if a name matches any of the well known SID values.
-***************************************************************************/
-
-BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
-{
-  rid_name *rnp;
-  int i;
-
-  for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
-    rnp = &builtin_alias_rids[i];
-    if(strequal(rnp->name, windows_name)) {
-      string_to_sid( psid, "S-1-5-32" );
-      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
-      psid->sub_auths[psid->num_auths++] = rnp->rid;
-      return True;
-    }
-  }
-
-  for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
-    rnp = &domain_user_rids[i];
-    if(strequal(rnp->name, windows_name)) {
-      *psid = global_machine_sid;
-      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
-      psid->sub_auths[psid->num_auths++] = rnp->rid;
-      return True;
-    }
-  }
-
-  for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
-    rnp = &domain_group_rids[i];
-    if(strequal(rnp->name, windows_name)) {
-      *psid = global_machine_sid;
-      SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
-      psid->sub_auths[psid->num_auths++] = rnp->rid;
-      return True;
-    }
-  }
-
-  return False;
-}
-
 int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 {
   char *ptr;
-- 
cgit 


From f650b65800c6d6c09cc2d59d7afe728fcb819a5f Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Thu, 24 Sep 1998 20:02:56 +0000
Subject: this fixes the last of the issues where USRMGR.EXE and SRVMGR.EXE
 were failing.  running these two programs on a samba pdc now work.

parse_samr.c:

- removed __LINE__ from debug macros.

- removed call to SMB_ASSERT_ARRAY() in samr_r_query_usergroups.  the
  DOM_GID array is a malloc'd array (by make_dom_gids) not a static
  array.


srv_samr.c:

- replaced all "struct smb_passwd"s with sam_passwds instead.  there
  were uid to rid confusion issues (assumptions that uids were equal
  to rids).

- #if 0'd the pdb_rid_is_user() call which, given the above corrections,
  would probably work now.


srv_util.c:

- replaced "struct smb_passwd" with sam_passwd in lookup_user_rid, as
  assumptions were being made that uids were equal to rids.
(This used to be commit 3f98697cd5203fba07518d7c777ba19644e35b45)
---
 source3/rpc_server/srv_util.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 68a4f79f0b..3c0fc9271e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -478,18 +478,17 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
  ********************************************************************/
 uint32 lookup_user_rid(char *user_name, uint32 *rid)
 {
-	struct smb_passwd *smb_pass;
+	struct sam_passwd *sam_pass;
 	(*rid) = 0;
 
 	/* find the user account */
 	become_root(True);
-	smb_pass = getsmbpwnam(user_name);
+	sam_pass = getsam21pwnam(user_name);
 	unbecome_root(True);
 
-	if (smb_pass != NULL)
+	if (sam_pass != NULL)
 	{
-		/* lkclXXXX SHOULD use name_to_rid() here! */
-		(*rid) = smb_pass->smb_userid;
+		(*rid) = sam_pass->user_rid;
 		return 0x0;
 	}
 
-- 
cgit 


From 9066025a8a4afe1f7f559c455d86fc023792ed17 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 29 Sep 1998 20:24:17 +0000
Subject: Got very strict about the differences and uses of uid_t, gid_t and
 vuid. Added sys_getgroups() to get around the int * return problem. Set
 correct datatypes for all uid, gid and vuid variables. Jeremy. (This used to
 be commit e570db46fc3a78e499523fd342e9a34cebb18998)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 3c0fc9271e..fc78c656fd 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -246,7 +246,7 @@ static BOOL api_rpc_command(pipes_struct *p,
 
 	/* do the actual command */
 	p->rdata.offset = 0; 
-	api_rpc_cmds[fn_num].fn(p->uid, data, &(p->rdata));
+	api_rpc_cmds[fn_num].fn(p->vuid, data, &(p->rdata));
 
 	if (p->rdata.data == NULL || p->rdata.offset == 0)
 	{
-- 
cgit 


From 48b31ae44fb2a1961bd738b0b3e7a986259168a2 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 7 Oct 1998 21:42:24 +0000
Subject: dce/rpc (This used to be commit
 6677b888bdb45df00646eb7cc13005b9465ff971)

---
 source3/rpc_server/srv_util.c | 280 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 279 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index fc78c656fd..520a9cc02a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -209,6 +209,284 @@ BOOL create_rpc_reply(pipes_struct *p,
 }
 
 
+static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
+{
+	/* receive a negotiate; send a challenge; receive a response */
+	switch (p->auth_verifier.msg_type)
+	{
+		case NTLMSSP_NEGOTIATE:
+		{
+			smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0);
+			break;
+		}
+		case NTLMSSP_AUTH:
+		{
+			smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
+			break;
+		}
+		default:
+		{
+			/* NTLMSSP expected: unexpected message type */
+			DEBUG(3,("unexpected message type in NTLMSSP %d\n",
+			          p->auth_verifier.msg_type));
+			return False;
+		}
+	}
+
+	return (pd->offset != 0);
+}
+
+struct api_cmd
+{
+  char * pipe_clnt_name;
+  char * pipe_srv_name;
+  BOOL (*fn) (pipes_struct *, prs_struct *);
+};
+
+static struct api_cmd api_fd_commands[] =
+{
+    { "lsarpc",   "lsass",   api_ntlsa_rpc },
+    { "samr",     "lsass",   api_samr_rpc },
+    { "srvsvc",   "ntsvcs",  api_srvsvc_rpc },
+    { "wkssvc",   "ntsvcs",  api_wkssvc_rpc },
+    { "NETLOGON", "lsass",   api_netlog_rpc },
+    { "winreg",   "winreg",  api_reg_rpc },
+    { NULL,       NULL,      NULL }
+};
+
+static BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *pd)
+{
+	p->ntlmssp_auth = False;
+
+	DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
+
+	if (p->hdr.auth_len != 0)
+	{
+		/* decode the authentication verifier response */
+		smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
+		if (pd->offset == 0) return False;
+
+		p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
+
+		if (p->ntlmssp_auth)
+		{
+			smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
+			if (pd->offset == 0) return False;
+
+			p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
+		}
+
+		if (p->ntlmssp_auth)
+		{
+			if (!api_pipe_ntlmssp(p, pd)) return False;
+		}
+	}
+
+	return p->ntlmssp_auth;
+}
+
+static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
+{
+	uint16 assoc_gid;
+	fstring ack_pipe_name;
+	int i = 0;
+
+	p->ntlmssp_auth = False;
+
+	DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
+
+	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+	{
+		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+		    api_fd_commands[i].fn != NULL)
+		{
+			DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
+			           api_fd_commands[i].pipe_clnt_name,
+			           api_fd_commands[i].pipe_srv_name));
+			fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
+			break;
+		}
+	}
+
+	if (api_fd_commands[i].fn == NULL) return False;
+
+	/* decode the bind request */
+	smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0);
+
+	if (pd->offset == 0) return False;
+
+	if (p->hdr.auth_len != 0)
+	{
+		/* decode the authentication verifier */
+		smb_io_rpc_hdr_auth    ("", &p->auth_info    , pd, 0);
+		if (pd->offset == 0) return False;
+
+		p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
+
+		if (p->ntlmssp_auth)
+		{
+			smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
+			if (pd->offset == 0) return False;
+
+			p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
+		}
+
+		if (p->ntlmssp_auth)
+		{
+			if (!api_pipe_ntlmssp(p, pd)) return False;
+		}
+	}
+
+	/* name has to be \PIPE\xxxxx */
+	fstrcpy(ack_pipe_name, "\\PIPE\\");
+	fstrcat(ack_pipe_name, p->pipe_srv_name);
+
+	DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
+
+	prs_init(&(p->rdata), 1024, 4, 0, False);
+	prs_init(&(p->rhdr ), 0x10, 4, 0, False);
+	prs_init(&(p->rauth), 1024, 4, 0, False);
+	prs_init(&(p->rverf), 0x08, 4, 0, False);
+	prs_init(&(p->rntlm), 1024, 4, 0, False);
+
+	/***/
+	/*** do the bind ack first ***/
+	/***/
+
+	if (p->ntlmssp_auth)
+	{
+		assoc_gid = 0x7a77;
+	}
+	else
+	{
+		assoc_gid = p->hdr_rb.bba.assoc_gid;
+	}
+
+	make_rpc_hdr_ba(&p->hdr_ba,
+	                p->hdr_rb.bba.max_tsize,
+	                p->hdr_rb.bba.max_rsize,
+	                assoc_gid,
+	                ack_pipe_name,
+	                0x1, 0x0, 0x0,
+	                &(p->hdr_rb.transfer));
+
+	smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0);
+	mem_realloc_data(p->rdata.data, p->rdata.offset);
+
+	/***/
+	/*** now the authentication ***/
+	/***/
+
+	if (p->ntlmssp_auth)
+	{
+		uint8 challenge[8];
+		generate_random_buffer(challenge, 8, False);
+
+		/*** authentication info ***/
+
+		make_rpc_hdr_auth(&p->auth_info,
+		                       0x0a, 0x06, 0);
+		smb_io_rpc_hdr_auth("", &p->auth_info, &p->rverf, 0);
+		mem_realloc_data(p->rverf.data, p->rverf.offset);
+
+		/*** NTLMSSP verifier ***/
+
+		make_rpc_auth_verifier(&p->auth_verifier,
+		                       "NTLMSSP", NTLMSSP_CHALLENGE);
+		smb_io_rpc_auth_verifier("", &p->auth_verifier, &p->rauth, 0);
+		mem_realloc_data(p->rauth.data, p->rauth.offset);
+
+		/* NTLMSSP challenge ***/
+
+		make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal,
+		                           0x000082b1, challenge);
+		smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0);
+		mem_realloc_data(p->rntlm.data, p->rntlm.offset);
+	}
+
+	/***/
+	/*** then do the header, now we know the length ***/
+	/***/
+
+	make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+	             p->hdr.call_id,
+	             p->rdata.offset + p->rverf.offset + p->rauth.offset + p->rntlm.offset + 0x10,
+	             p->rauth.offset + p->rntlm.offset);
+
+	smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0);
+	mem_realloc_data(p->rhdr.data, p->rdata.offset);
+
+	/***/
+	/*** link rpc header, bind acknowledgment and authentication responses ***/
+	/***/
+
+	if (p->ntlmssp_auth)
+	{
+		prs_link(NULL     , &p->rhdr , &p->rdata);
+		prs_link(&p->rhdr , &p->rdata, &p->rverf);
+		prs_link(&p->rdata, &p->rverf, &p->rauth);
+		prs_link(&p->rverf, &p->rauth, &p->rntlm);
+		prs_link(&p->rauth, &p->rntlm, NULL     );
+	}
+	else
+	{
+		prs_link(NULL    , &p->rhdr , &p->rdata);
+		prs_link(&p->rhdr, &p->rdata, NULL     );
+	}
+
+	return True;
+}
+
+static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
+{
+	int i = 0;
+
+	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+	{
+		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+		    api_fd_commands[i].fn != NULL)
+		{
+			DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
+			return api_fd_commands[i].fn(p, pd);
+		}
+	}
+	return False;
+}
+
+BOOL rpc_command(pipes_struct *p, prs_struct *pd)
+{
+	BOOL reply = False;
+	if (pd->data == NULL) return False;
+
+	/* process the rpc header */
+	smb_io_rpc_hdr("", &p->hdr, pd, 0);
+
+	if (pd->offset == 0) return False;
+
+	switch (p->hdr.pkt_type)
+	{
+		case RPC_BIND   :
+		{
+			reply = api_pipe_bind_req(p, pd);
+			break;
+		}
+		case RPC_REQUEST:
+		{
+			reply = api_pipe_request (p, pd);
+			break;
+		}
+		case RPC_BINDRESP: /* not the real name! */
+		{
+			reply = api_pipe_bind_auth_resp(p, pd);
+			break;
+		}
+	}
+
+
+	return reply;
+}
+
+
 /*******************************************************************
  receives a netlogon pipe and responds.
  ********************************************************************/
@@ -256,7 +534,7 @@ static BOOL api_rpc_command(pipes_struct *p,
 
 	mem_realloc_data(p->rdata.data, p->rdata.offset);
 
-    DEBUG(10,("called %s\n", rpc_name));
+	DEBUG(10,("called %s\n", rpc_name));
 
 	return True;
 }
-- 
cgit 


From c09647c3e1faa54e36c383958d9ea6def911f77d Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 14 Oct 1998 07:08:43 +0000
Subject: more warnings... (This used to be commit
 8b9c0bad889d4f26987d87c54b4d8bf102af1744)

---
 source3/rpc_server/srv_util.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 520a9cc02a..f9532981e0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -384,8 +384,7 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
 
 		/*** authentication info ***/
 
-		make_rpc_hdr_auth(&p->auth_info,
-		                       0x0a, 0x06, 0);
+		make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0, 1);
 		smb_io_rpc_hdr_auth("", &p->auth_info, &p->rverf, 0);
 		mem_realloc_data(p->rverf.data, p->rverf.offset);
 
-- 
cgit 


From d4a82ea26d5b9501f210a5c441b1ac09c256a187 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Fri, 16 Oct 1998 20:07:02 +0000
Subject: rpc client mods (ntlmssp flags) (This used to be commit
 16256f86bf451535c7955b8f51a9b88fc33a8e4d)

---
 source3/rpc_server/srv_util.c | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f9532981e0..dc0918f1bf 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -208,6 +208,52 @@ BOOL create_rpc_reply(pipes_struct *p,
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
 
+static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
+{
+	uchar lm_owf[24];
+	uchar nt_owf[24];
+	
+	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
+
+	if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
+	if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
+	if (p->ntlmssp_resp.hdr_usr    .str_str_len == 0) return False;
+	if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+	if (p->ntlmssp_resp.hdr_wks    .str_str_len == 0) return False;
+
+	memset(p->user_name, 0, sizeof(p->user_name));
+	memset(p->domain   , 0, sizeof(p->domain   ));
+	memset(p->wks      , 0, sizeof(p->wks      ));
+
+	if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+	{
+		fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user  , p->ntlmssp_resp.hdr_usr   .str_str_len/2));
+		fstrcpy(p->domain   , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2));
+		fstrcpy(p->wks      , unistrn2((uint16*)p->ntlmssp_resp.wks   , p->ntlmssp_resp.hdr_wks   .str_str_len/2));
+	}
+	else
+	{
+		fstrcpy(p->user_name, p->ntlmssp_resp.user  );
+		fstrcpy(p->domain   , p->ntlmssp_resp.domain);
+		fstrcpy(p->wks      , p->ntlmssp_resp.wks   );
+	}
+
+	DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+
+	memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+	memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,"lm, nt owfs:\n"));
+	dump_data(100, lm_owf, sizeof(lm_owf));
+	dump_data(100, nt_owf, sizeof(nt_owf));
+#endif
+	return True;
+#if 0
+	return pass_check_smb(p->user_name, p->domain,
+	                      p->ntplssp_chal.challenge, lm_owf, nt_owf);
+#endif
+}
 
 static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
 {
@@ -222,6 +268,10 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
 		case NTLMSSP_AUTH:
 		{
 			smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
+			if (!api_pipe_ntlmssp_verify(p))
+			{
+				pd->offset = 0;
+			}
 			break;
 		}
 		default:
-- 
cgit 


From 97f0c9d55014db221fdceaaf07318ae9df9688a1 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Fri, 16 Oct 1998 21:36:19 +0000
Subject: made pass_check_smb() available for dce/rpc use. (This used to be
 commit 95e8a910c5d9ba0ef57669fb1256eaa932e0bb09)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index dc0918f1bf..76f113374d 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -244,7 +244,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
 
 #ifdef DEBUG_PASSWORD
-	DEBUG(100,"lm, nt owfs:\n"));
+	DEBUG(100,("lm, nt owfs:\n"));
 	dump_data(100, lm_owf, sizeof(lm_owf));
 	dump_data(100, nt_owf, sizeof(nt_owf));
 #endif
-- 
cgit 


From a785f8d2c90f3db579c781ca5f722cb5b695fcb4 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Fri, 16 Oct 1998 23:40:59 +0000
Subject: dce/rpc (This used to be commit
 29434f496c18e816d864060d68f357aea6ef5de8)

---
 source3/rpc_server/srv_util.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 76f113374d..93640f3445 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -248,11 +248,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	dump_data(100, lm_owf, sizeof(lm_owf));
 	dump_data(100, nt_owf, sizeof(nt_owf));
 #endif
-	return True;
-#if 0
-	return pass_check_smb(p->user_name, p->domain,
-	                      p->ntplssp_chal.challenge, lm_owf, nt_owf);
-#endif
+	become_root(True);
+	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+	                      p->ntlmssp_chal.challenge, lm_owf, nt_owf, NULL);
+	unbecome_root(True);
+
+	return p->ntlmssp_validated;
 }
 
 static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
@@ -486,10 +487,26 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
 	return True;
 }
 
+
+static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
+{
+	return True;
+}
+
 static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
 {
 	int i = 0;
 
+	if (p->ntlmssp_auth && p->ntlmssp_validated)
+	{
+		if (!api_pipe_auth_process(p)) return False;
+
+		DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
+#if 0
+		become_user();
+#endif
+	}
+
 	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
 	{
 		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
-- 
cgit 


From 4e621f638a91e13f65a81f880912c11f77385d0f Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Fri, 16 Oct 1998 23:42:09 +0000
Subject: oops. (This used to be commit
 fc1b7b9e75b029ffa93263766fe297d043c6d1df)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 93640f3445..850282b6b5 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -499,7 +499,7 @@ static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
 
 	if (p->ntlmssp_auth && p->ntlmssp_validated)
 	{
-		if (!api_pipe_auth_process(p)) return False;
+		if (!api_pipe_auth_process(p, pd)) return False;
 
 		DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
 #if 0
-- 
cgit 


From 01de6030843f5f402dee8bf72f564a91ae8437ca Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Mon, 19 Oct 1998 17:32:10 +0000
Subject: - dce/rpc code

- removed debug info in struni2 and unistr2 (security risk)

- rpc_pipe function was getting pointer to data then calling realloc *dur*

- password check function, the start of "credential checking",
  user, wks, domain, pass as the credentials (not just user,pass which
  is incorrect in a domain context)

- cli_write needs to return ssize_t not size_t, because total can be -1
  if the write fails.

- fixed signed / unsigned warnings (how come i don't get those any more
  when i compile with gcc???)

- nt password change added in smbd.  yes, jeremy, i verified that the
  SMBtrans2 version still works.
(This used to be commit fcfb40d2b0fc565ee4f66b3a3761c246366a2ef3)
---
 source3/rpc_server/srv_util.c | 124 +++++++++++++++++++++++++++++++++---------
 1 file changed, 97 insertions(+), 27 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 850282b6b5..7ddc2da5d1 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -212,6 +212,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 {
 	uchar lm_owf[24];
 	uchar nt_owf[24];
+	struct smb_passwd *smb_pass = NULL;
 	
 	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
 
@@ -244,15 +245,29 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
 
 #ifdef DEBUG_PASSWORD
-	DEBUG(100,("lm, nt owfs:\n"));
+	DEBUG(100,("lm, nt owfs, chal\n"));
 	dump_data(100, lm_owf, sizeof(lm_owf));
 	dump_data(100, nt_owf, sizeof(nt_owf));
+	dump_data(100, p->ntlmssp_chal.challenge, 8);
 #endif
 	become_root(True);
 	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
-	                      p->ntlmssp_chal.challenge, lm_owf, nt_owf, NULL);
+	                      p->ntlmssp_chal.challenge, (uchar*)lm_owf, (uchar*)nt_owf, NULL);
+	smb_pass = getsmbpwnam(p->user_name);
 	unbecome_root(True);
 
+	if (p->ntlmssp_validated && smb_pass != NULL && smb_pass->smb_passwd)
+	{
+		uchar p24[24];
+		NTLMSSPOWFencrypt(smb_pass->smb_passwd, lm_owf, p24);
+		NTLMSSPhash(p->ntlmssp_hash, p24);
+		p->ntlmssp_seq_num = 0;
+	}
+	else
+	{
+		p->ntlmssp_validated = False;
+	}
+
 	return p->ntlmssp_validated;
 }
 
@@ -307,33 +322,22 @@ static struct api_cmd api_fd_commands[] =
 
 static BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *pd)
 {
-	p->ntlmssp_auth = False;
-
 	DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
 
-	if (p->hdr.auth_len != 0)
-	{
-		/* decode the authentication verifier response */
-		smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
-		if (pd->offset == 0) return False;
+	if (p->hdr.auth_len == 0) return False;
 
-		p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
-
-		if (p->ntlmssp_auth)
-		{
-			smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
-			if (pd->offset == 0) return False;
+	/* decode the authentication verifier response */
+	smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
+	if (pd->offset == 0) return False;
 
-			p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
-		}
+	if (!rpc_hdr_auth_chk(&(p->auth_info))) return False;
 
-		if (p->ntlmssp_auth)
-		{
-			if (!api_pipe_ntlmssp(p, pd)) return False;
-		}
-	}
+	smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
+	if (pd->offset == 0) return False;
 
-	return p->ntlmssp_auth;
+	if (!rpc_auth_verifier_chk(&(p->auth_verifier), "NTLMSSP", NTLMSSP_AUTH)) return False;
+	
+	return api_pipe_ntlmssp(p, pd);
 }
 
 static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
@@ -490,6 +494,58 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
 
 static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 {
+	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
+	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
+	int data_len;
+	int auth_len;
+	uint32 old_offset;
+	uint32 crc32;
+
+	auth_len = p->hdr.auth_len;
+
+	if (auth_len != 16 && auth_verify)
+	{
+		return False;
+	}
+
+	data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
+	
+	DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
+	         BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
+
+	if (auth_seal)
+	{
+		char *data = (uchar*)mem_data(&pd->data, pd->offset);
+		DEBUG(5,("api_pipe_auth_process: data %d\n", pd->offset));
+		NTLMSSPcalc(p->ntlmssp_hash, data, data_len);
+		crc32 = crc32_calc_buffer(data_len, data);
+	}
+
+	/*** skip the data, record the offset so we can restore it again */
+	old_offset = pd->offset;
+
+	if (auth_seal || auth_verify)
+	{
+		pd->offset += data_len;
+		smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, pd, 0);
+	}
+
+	if (auth_verify)
+	{
+		char *req_data = (uchar*)mem_data(&pd->data, pd->offset + 4);
+		DEBUG(5,("api_pipe_auth_process: auth %d\n", pd->offset + 4));
+		NTLMSSPcalc(p->ntlmssp_hash, req_data, 12);
+		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
+
+		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
+		                          &(p->ntlmssp_seq_num)))
+		{
+			return False;
+		}
+	}
+
+	pd->offset = old_offset;
+
 	return True;
 }
 
@@ -538,16 +594,33 @@ BOOL rpc_command(pipes_struct *p, prs_struct *pd)
 		}
 		case RPC_REQUEST:
 		{
-			reply = api_pipe_request (p, pd);
+			if (p->ntlmssp_auth && !p->ntlmssp_validated)
+			{
+				/* authentication _was_ requested
+				   and it failed.  sorry, no deal!
+				 */
+				reply = False;
+			}
+			else
+			{
+				/* read the rpc header */
+				smb_io_rpc_hdr_req("req", &(p->hdr_req), pd, 0);
+				reply = api_pipe_request(p, pd);
+			}
 			break;
 		}
 		case RPC_BINDRESP: /* not the real name! */
 		{
 			reply = api_pipe_bind_auth_resp(p, pd);
+			p->ntlmssp_auth = reply;
 			break;
 		}
 	}
 
+	if (!reply)
+	{
+		DEBUG(3,("rpc_command: DCE/RPC fault should be sent here\n"));
+	}
 
 	return reply;
 }
@@ -618,9 +691,6 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 		return False;
 	}
 
-	/* read the rpc header */
-	smb_io_rpc_hdr_req("req", &(p->hdr_req), data, 0);
-
 	/* interpret the command */
 	if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
 	{
-- 
cgit 


From 1ebeb54932de01323356e8201d465656b8723d46 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 20 Oct 1998 18:27:49 +0000
Subject: some quite important bug-fixes i missed because i transferred the
 wrong smb.tgz file from my portable.

particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.

smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data.  rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length.  this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
---
 source3/rpc_server/srv_util.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 7ddc2da5d1..59db0bed2c 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -165,6 +165,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 BOOL create_rpc_reply(pipes_struct *p,
 				uint32 data_start, uint32 data_end)
 {
+	char *data;
+	uint32 data_len;
+
 	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
 	          data_start, data_end, p->hdr_ba.bba.max_tsize));
 
@@ -197,6 +200,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
 	}
 
+	data_len = p->hdr.frag_len;
+
 	p->rhdr.data->offset.start = 0;
 	p->rhdr.data->offset.end   = 0x18;
 
@@ -205,6 +210,20 @@ BOOL create_rpc_reply(pipes_struct *p,
 	smb_io_rpc_hdr   ("hdr", &(p->hdr   ), &(p->rhdr), 0);
 	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
 
+	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
+	p->next_frag_start = p->hdr.frag_len; 
+	
+	/* don't use rdata: use rdata_i instead, which moves... */
+	/* make a pointer to the rdata data.  NOT A COPY */
+
+	prs_init(&p->rdata_i, 0, p->rdata.align, p->rdata.data->margin, p->rdata.io);
+	data = mem_data(&(p->rdata.data), data_start);
+	mem_create(p->rdata_i.data, data, data_start, data_len, 0, False); 
+
+	/* set up the data chain */
+	prs_link(NULL    , &p->rhdr   , &p->rdata_i);
+	prs_link(&p->rhdr, &p->rdata_i, NULL       );
+
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
 
@@ -703,18 +722,6 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 		return False;
 	}
 
-	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
-	p->next_frag_start = p->hdr.frag_len; 
-	
-	/* set up the data chain */
-	p->rhdr.data->offset.start = 0;
-	p->rhdr.data->offset.end   = p->rhdr.offset;
-	p->rhdr.data->next = p->rdata.data;
-
-	p->rdata.data->offset.start = p->rhdr.data->offset.end;
-	p->rdata.data->offset.end   = p->rhdr.data->offset.end + p->rdata.offset;
-	p->rdata.data->next = NULL;
-
 	return True;
 }
 
-- 
cgit 


From 89087385fe1da642ff80d0558c72817c276f631b Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 20 Oct 1998 22:25:52 +0000
Subject: dce/rpc.  bug-fix in ipc.c (introduced today :) (This used to be
 commit 48ff3e2429964404c8bf33ef625791147913a3c0)

---
 source3/rpc_server/srv_util.c | 114 ++++++++++++++++++++++++++++++++----------
 1 file changed, 87 insertions(+), 27 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 59db0bed2c..0cb730470e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -166,18 +166,29 @@ BOOL create_rpc_reply(pipes_struct *p,
 				uint32 data_start, uint32 data_end)
 {
 	char *data;
+	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
+	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
 	uint32 data_len;
+	uint32 auth_len;
 
 	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
 	          data_start, data_end, p->hdr_ba.bba.max_tsize));
 
-	mem_buf_init(&(p->rhdr.data), 0);
-	mem_alloc_data(p->rhdr.data, 0x18);
+	auth_len = p->hdr.auth_len;
 
-	p->rhdr.align = 4;
-	p->rhdr.io = False;
+	if (p->ntlmssp_auth)
+	{
+		DEBUG(10,("create_rpc_reply: auth\n"));
+		if (auth_len != 16)
+		{
+			return False;
+		}
+	}
+
+	prs_init(&p->rhdr , 0x18, 4, 0, False);
+	prs_init(&p->rauth, 1024, 4, 0, False);
+	prs_init(&p->rverf, 0x08, 4, 0, False);
 
-	p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
 	p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
 
 	/* set up rpc header (fragmentation issues) */
@@ -190,6 +201,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 		p->hdr.flags = 0;
 	}
 
+	p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
+
 	if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
 	{
 		p->hdr.flags |= RPC_FLG_LAST;
@@ -200,30 +213,83 @@ BOOL create_rpc_reply(pipes_struct *p,
 		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
 	}
 
-	data_len = p->hdr.frag_len;
+	if (p->ntlmssp_auth)
+	{
+		p->hdr_resp.alloc_hint -= auth_len - 16;
+	}
+
+	if (p->ntlmssp_auth)
+	{
+		data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
+	}
+	else
+	{
+		data_len = p->hdr.frag_len;
+	}
 
 	p->rhdr.data->offset.start = 0;
 	p->rhdr.data->offset.end   = 0x18;
 
 	/* store the header in the data stream */
-	p->rhdr.offset = 0;
-	smb_io_rpc_hdr   ("hdr", &(p->hdr   ), &(p->rhdr), 0);
+	smb_io_rpc_hdr     ("hdr" , &(p->hdr     ), &(p->rhdr), 0);
 	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
 
-	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
-	p->next_frag_start = p->hdr.frag_len; 
-	
 	/* don't use rdata: use rdata_i instead, which moves... */
-	/* make a pointer to the rdata data.  NOT A COPY */
+	/* make a pointer to the rdata data, NOT A COPY */
 
+	p->rdata_i.data = NULL;
 	prs_init(&p->rdata_i, 0, p->rdata.align, p->rdata.data->margin, p->rdata.io);
 	data = mem_data(&(p->rdata.data), data_start);
-	mem_create(p->rdata_i.data, data, data_start, data_len, 0, False); 
+	mem_create(p->rdata_i.data, data, 0, data_len, 0, False); 
+	p->rdata_i.offset = data_len;
+
+	if (auth_len > 0)
+	{
+		uint32 crc32;
+
+		DEBUG(5,("create_rpc_reply: sign: %s seal: %s data %d auth %d\n",
+			 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
+
+		if (auth_seal)
+		{
+			NTLMSSPcalc(p->ntlmssp_hash, data, data_len);
+			crc32 = crc32_calc_buffer(data_len, data);
+		}
+
+		if (auth_seal || auth_verify)
+		{
+			make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
+			smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, &p->rauth, 0);
+		}
+
+		if (auth_verify)
+		{
+			char *auth_data;
+			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num);
+			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
+			auth_data = (uchar*)mem_data(&p->rverf.data, 4);
+			NTLMSSPcalc(p->ntlmssp_hash, auth_data, 12);
+		}
+	}
 
 	/* set up the data chain */
-	prs_link(NULL    , &p->rhdr   , &p->rdata_i);
-	prs_link(&p->rhdr, &p->rdata_i, NULL       );
+	if (p->ntlmssp_auth)
+	{
+		prs_link(NULL       , &p->rhdr   , &p->rdata_i);
+		prs_link(&p->rhdr   , &p->rdata_i, &p->rauth  );
+		prs_link(&p->rdata_i, &p->rauth  , &p->rverf  );
+		prs_link(&p->rauth  , &p->rverf  , NULL       );
+	}
+	else
+	{
+		prs_link(NULL    , &p->rhdr   , &p->rdata_i);
+		prs_link(&p->rhdr, &p->rdata_i, NULL       );
+	}
 
+	/* indicate to subsequent data reads where we are up to */
+	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
+	p->next_frag_start = p->hdr.frag_len; 
+	
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
 
@@ -271,7 +337,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 #endif
 	become_root(True);
 	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
-	                      p->ntlmssp_chal.challenge, (uchar*)lm_owf, (uchar*)nt_owf, NULL);
+	                      (uchar*)p->ntlmssp_chal.challenge,
+	                      (char*)lm_owf, (char*)nt_owf, NULL);
 	smb_pass = getsmbpwnam(p->user_name);
 	unbecome_root(True);
 
@@ -418,7 +485,7 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
 	DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
 
 	prs_init(&(p->rdata), 1024, 4, 0, False);
-	prs_init(&(p->rhdr ), 0x10, 4, 0, False);
+	prs_init(&(p->rhdr ), 0x18, 4, 0, False);
 	prs_init(&(p->rauth), 1024, 4, 0, False);
 	prs_init(&(p->rverf), 0x08, 4, 0, False);
 	prs_init(&(p->rntlm), 1024, 4, 0, False);
@@ -561,6 +628,7 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 		{
 			return False;
 		}
+		p->ntlmssp_seq_num = 0;
 	}
 
 	pd->offset = old_offset;
@@ -671,17 +739,9 @@ static BOOL api_rpc_command(pipes_struct *p,
 	}
 
 	/* start off with 1024 bytes, and a large safety margin too */
-	mem_buf_init(&(p->rdata.data), SAFETY_MARGIN);
-	mem_alloc_data(p->rdata.data, 1024);
-
-	p->rdata.io = False;
-	p->rdata.align = 4;
-
-	p->rdata.data->offset.start = 0;
-	p->rdata.data->offset.end   = 0xffffffff;
+	prs_init(&p->rdata, 1024, 4, SAFETY_MARGIN, False);
 
 	/* do the actual command */
-	p->rdata.offset = 0; 
 	api_rpc_cmds[fn_num].fn(p->vuid, data, &(p->rdata));
 
 	if (p->rdata.data == NULL || p->rdata.offset == 0)
@@ -717,7 +777,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 	}
 
 	/* create the rpc header */
-	if (!create_rpc_reply(p, 0, p->rdata.offset))
+	if (!create_rpc_reply(p, 0, p->rdata.offset + (p->ntlmssp_auth ? (16 + 16) : 0)))
 	{
 		return False;
 	}
-- 
cgit 


From d8f0e60195ff8447df9235f60095c4e2bb4561e7 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 20 Oct 1998 22:37:44 +0000
Subject: signed / unsigned warnings (found by herb). how do i switch on these
 warnings in gcc????? (This used to be commit
 39db385a0c47c11adb6bf3bac89c4bb76f675049)

---
 source3/rpc_server/srv_util.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 0cb730470e..1c57efc3f4 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -252,7 +252,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 
 		if (auth_seal)
 		{
-			NTLMSSPcalc(p->ntlmssp_hash, data, data_len);
+			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
 			crc32 = crc32_calc_buffer(data_len, data);
 		}
 
@@ -267,8 +267,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 			char *auth_data;
 			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num);
 			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
-			auth_data = (uchar*)mem_data(&p->rverf.data, 4);
-			NTLMSSPcalc(p->ntlmssp_hash, auth_data, 12);
+			auth_data = mem_data(&p->rverf.data, 4);
+			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)auth_data, 12);
 		}
 	}
 
@@ -601,9 +601,9 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 
 	if (auth_seal)
 	{
-		char *data = (uchar*)mem_data(&pd->data, pd->offset);
+		char *data = mem_data(&pd->data, pd->offset);
 		DEBUG(5,("api_pipe_auth_process: data %d\n", pd->offset));
-		NTLMSSPcalc(p->ntlmssp_hash, data, data_len);
+		NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
 		crc32 = crc32_calc_buffer(data_len, data);
 	}
 
@@ -618,9 +618,9 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 
 	if (auth_verify)
 	{
-		char *req_data = (uchar*)mem_data(&pd->data, pd->offset + 4);
+		char *req_data = mem_data(&pd->data, pd->offset + 4);
 		DEBUG(5,("api_pipe_auth_process: auth %d\n", pd->offset + 4));
-		NTLMSSPcalc(p->ntlmssp_hash, req_data, 12);
+		NTLMSSPcalc(p->ntlmssp_hash, (uchar*)req_data, 12);
 		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
 
 		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
-- 
cgit 


From 9307940876a6c226969e9169d55c0408cd7ab032 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 21 Oct 1998 01:35:01 +0000
Subject: fixing smbd encrypted rpcs (data lens, alloc hints, sequence nums
 argh).

put unicode strings after SAMLOGON query regardless of whether it's
an NT mailslot or a non-NT mailslot, after having observed this behaviour
out of NT machines.
(This used to be commit c101113ec20ed0ba633e78e4ee45596cdccaf1b5)
---
 source3/rpc_server/srv_util.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 1c57efc3f4..fde654bcc4 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -215,7 +215,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 
 	if (p->ntlmssp_auth)
 	{
-		p->hdr_resp.alloc_hint -= auth_len - 16;
+		p->hdr_resp.alloc_hint -= auth_len + 8;
 	}
 
 	if (p->ntlmssp_auth)
@@ -252,8 +252,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 
 		if (auth_seal)
 		{
-			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
 			crc32 = crc32_calc_buffer(data_len, data);
+			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
 		}
 
 		if (auth_seal || auth_verify)
@@ -265,7 +265,8 @@ BOOL create_rpc_reply(pipes_struct *p,
 		if (auth_verify)
 		{
 			char *auth_data;
-			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num);
+			p->ntlmssp_seq_num++;
+			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num++);
 			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
 			auth_data = mem_data(&p->rverf.data, 4);
 			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)auth_data, 12);
@@ -624,11 +625,10 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
 
 		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
-		                          &(p->ntlmssp_seq_num)))
+		                          p->ntlmssp_seq_num))
 		{
 			return False;
 		}
-		p->ntlmssp_seq_num = 0;
 	}
 
 	pd->offset = old_offset;
@@ -777,7 +777,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 	}
 
 	/* create the rpc header */
-	if (!create_rpc_reply(p, 0, p->rdata.offset + (p->ntlmssp_auth ? (16 + 16) : 0)))
+	if (!create_rpc_reply(p, 0, p->rdata.offset + (p->ntlmssp_auth ? (16 + 8) : 0)))
 	{
 		return False;
 	}
-- 
cgit 


From 6e3af45afe237790f1d7cd94ab2b22e1ca772157 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 21 Oct 1998 16:58:34 +0000
Subject: Fixed mainly signed/unsigned issues found by SGI cc in -fullwarn
 mode. smbd/chgpasswd.c: Fixed (my) stupid bug where I was returning stack
 based variables. Doh ! smbd/trans2.c: Allows SETFILEINFO as well as QFILEINFO
 on directory handles. Jeremy. (This used to be commit
 0b44d27d0b5cc3948a6c2d78370ccddf1a84cd80)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index fde654bcc4..3269ab4e61 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -339,7 +339,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	become_root(True);
 	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
 	                      (uchar*)p->ntlmssp_chal.challenge,
-	                      (char*)lm_owf, (char*)nt_owf, NULL);
+	                      lm_owf, nt_owf, NULL);
 	smb_pass = getsmbpwnam(p->user_name);
 	unbecome_root(True);
 
-- 
cgit 


From 21e107fd42eb953affac28239588458c6c0ee323 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 21 Oct 1998 21:11:16 +0000
Subject: the next dialog: user-groups.  it's not very sensible what appears,
 but hey: it appears! (This used to be commit
 399035098f212e976cc0000a215e0705ebe78c05)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 3269ab4e61..4756d2f338 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -224,7 +224,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 	}
 	else
 	{
-		data_len = p->hdr.frag_len;
+		data_len = p->hdr.frag_len - 0x18;
 	}
 
 	p->rhdr.data->offset.start = 0;
-- 
cgit 


From eadc5b8c6ecdd6892647d391e1976b2c708d1ea0 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 21 Oct 1998 22:36:26 +0000
Subject: domain aliases added a bit better: does local aliases if you query
 for sid S-1-5-20 and does (nothing at the moment) if you query for your own
 sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)

---
 source3/rpc_server/srv_util.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 4756d2f338..b3557c7768 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -42,7 +42,6 @@
 #include "nterr.h"
 
 extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
 
 /*
  * A list of the rids of well known BUILTIN and Domain users
-- 
cgit 


From 1ee499385c1ea0b4add82d3d4513ea997d048af1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 22 Oct 1998 16:55:03 +0000
Subject: libsmb/smbdes.c: #ifdef'ed out code prior to removal.
 rpc_client/cli_pipe.c: Inlined code removed from smbdes.c
 rpc_server/srv_samr.c: Fixed unused variable warning. rpc_server/srv_util.c:
 Inlined code removed from smbdes.c

Luke - the above changes are the first part of the changes
you and I discussed as being neccessary at the CIFS conference.
*PLEASE REVIEW THESE CHANGES* - make sure I haven't broken
any of the authenticated DCE/RPC code.

smbd/nttrans.c: Fixed to allow NT5.0beta2 to use Samba shares
                with NT SMB support.
smbd/open.c: Fixed mkdir when called from nttrans calls.
smbd/server.c: Set correct size for strcpy of global_myworkgroup.

Jeremy.
(This used to be commit d891421d16ff80998dee429227bd391455f9d1a1)
---
 source3/rpc_server/srv_util.c | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index b3557c7768..51df42cdff 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -346,7 +346,37 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	{
 		uchar p24[24];
 		NTLMSSPOWFencrypt(smb_pass->smb_passwd, lm_owf, p24);
-		NTLMSSPhash(p->ntlmssp_hash, p24);
+		{
+			unsigned char j = 0;
+			int ind;
+
+			unsigned char k2[8];
+
+			memcpy(k2, p24, 5);
+			k2[5] = 0xe5;
+			k2[6] = 0x38;
+			k2[7] = 0xb0;
+
+			for (ind = 0; ind < 256; ind++)
+			{
+				p->ntlmssp_hash[ind] = (unsigned char)ind;
+			}
+
+			for( ind = 0; ind < 256; ind++)
+			{
+				unsigned char tc;
+
+				j += (p->ntlmssp_hash[ind] + k2[ind%8]);
+
+				tc = p->ntlmssp_hash[ind];
+				p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
+				p->ntlmssp_hash[j] = tc;
+			}
+
+			p->ntlmssp_hash[256] = 0;
+			p->ntlmssp_hash[257] = 0;
+		}
+/*		NTLMSSPhash(p->ntlmssp_hash, p24); */
 		p->ntlmssp_seq_num = 0;
 	}
 	else
-- 
cgit 


From 10a9addc222b29acdcfe6afed0597dd17551fa5c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 12 Nov 1998 04:17:54 +0000
Subject: Moved some code (NTLMSSPcalc) out of smbdes and inline for paranioa
 resons and my own piece of mind... Jeremy. (This used to be commit
 45131501f23ce1eec2f23fe2c1060cd5a2736ec9)

---
 source3/rpc_server/srv_util.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 51df42cdff..161f845af3 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -154,6 +154,33 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
   return count;
 }
 
+static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
+{
+    unsigned char *hash = p->ntlmssp_hash;
+    unsigned char index_i = hash[256];
+    unsigned char index_j = hash[257];
+    int ind;
+
+    for( ind = 0; ind < len; ind++)
+    {
+        unsigned char tc;
+        unsigned char t;
+
+        index_i++;
+        index_j += hash[index_i];
+
+        tc = hash[index_i];
+        hash[index_i] = hash[index_j];
+        hash[index_j] = tc;
+
+        t = hash[index_i] + hash[index_j];
+        data[ind] = data[ind] ^ hash[t];
+    }
+
+    hash[256] = index_i;
+    hash[257] = index_j;
+}
+
 /*******************************************************************
  turns a DCE/RPC request into a DCE/RPC reply
 
@@ -252,7 +279,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 		if (auth_seal)
 		{
 			crc32 = crc32_calc_buffer(data_len, data);
-			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
+			NTLMSSPcalc_p(p, (uchar*)data, data_len);
 		}
 
 		if (auth_seal || auth_verify)
@@ -268,7 +295,7 @@ BOOL create_rpc_reply(pipes_struct *p,
 			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num++);
 			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
 			auth_data = mem_data(&p->rverf.data, 4);
-			NTLMSSPcalc(p->ntlmssp_hash, (uchar*)auth_data, 12);
+			NTLMSSPcalc_p(p, (uchar*)auth_data, 12);
 		}
 	}
 
@@ -633,7 +660,7 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 	{
 		char *data = mem_data(&pd->data, pd->offset);
 		DEBUG(5,("api_pipe_auth_process: data %d\n", pd->offset));
-		NTLMSSPcalc(p->ntlmssp_hash, (uchar*)data, data_len);
+		NTLMSSPcalc_p(p, (uchar*)data, data_len);
 		crc32 = crc32_calc_buffer(data_len, data);
 	}
 
@@ -650,7 +677,7 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 	{
 		char *req_data = mem_data(&pd->data, pd->offset + 4);
 		DEBUG(5,("api_pipe_auth_process: auth %d\n", pd->offset + 4));
-		NTLMSSPcalc(p->ntlmssp_hash, (uchar*)req_data, 12);
+		NTLMSSPcalc_p(p, (uchar*)req_data, 12);
 		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
 
 		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
-- 
cgit 


From 5b863af4c0179f0bee17e77690d99a54cc762531 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Thu, 12 Nov 1998 16:07:00 +0000
Subject: cleaning up conflicts between group code not yet committed and
 changes from yesterday by me, jeremy and andrew.

jeremy, your ACB_PWNOTREQ mod would have caused a crash if the user
didn't exist (first check should be for smb_pass != NULL)
(This used to be commit cbac0f165d351ba9497c222e55e453d781376e58)
---
 source3/rpc_server/srv_util.c | 687 ------------------------------------------
 1 file changed, 687 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 161f845af3..097ab92d76 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -154,693 +154,6 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
   return count;
 }
 
-static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
-{
-    unsigned char *hash = p->ntlmssp_hash;
-    unsigned char index_i = hash[256];
-    unsigned char index_j = hash[257];
-    int ind;
-
-    for( ind = 0; ind < len; ind++)
-    {
-        unsigned char tc;
-        unsigned char t;
-
-        index_i++;
-        index_j += hash[index_i];
-
-        tc = hash[index_i];
-        hash[index_i] = hash[index_j];
-        hash[index_j] = tc;
-
-        t = hash[index_i] + hash[index_j];
-        data[ind] = data[ind] ^ hash[t];
-    }
-
-    hash[256] = index_i;
-    hash[257] = index_j;
-}
-
-/*******************************************************************
- turns a DCE/RPC request into a DCE/RPC reply
-
- this is where the data really should be split up into an array of
- headers and data sections.
-
- ********************************************************************/
-BOOL create_rpc_reply(pipes_struct *p,
-				uint32 data_start, uint32 data_end)
-{
-	char *data;
-	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
-	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
-	uint32 data_len;
-	uint32 auth_len;
-
-	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
-	          data_start, data_end, p->hdr_ba.bba.max_tsize));
-
-	auth_len = p->hdr.auth_len;
-
-	if (p->ntlmssp_auth)
-	{
-		DEBUG(10,("create_rpc_reply: auth\n"));
-		if (auth_len != 16)
-		{
-			return False;
-		}
-	}
-
-	prs_init(&p->rhdr , 0x18, 4, 0, False);
-	prs_init(&p->rauth, 1024, 4, 0, False);
-	prs_init(&p->rverf, 0x08, 4, 0, False);
-
-	p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
-
-	/* set up rpc header (fragmentation issues) */
-	if (data_start == 0)
-	{
-		p->hdr.flags = RPC_FLG_FIRST;
-	}
-	else
-	{
-		p->hdr.flags = 0;
-	}
-
-	p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
-
-	if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
-	{
-		p->hdr.flags |= RPC_FLG_LAST;
-		p->hdr.frag_len = p->hdr_resp.alloc_hint + 0x18;
-	}
-	else
-	{
-		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
-	}
-
-	if (p->ntlmssp_auth)
-	{
-		p->hdr_resp.alloc_hint -= auth_len + 8;
-	}
-
-	if (p->ntlmssp_auth)
-	{
-		data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
-	}
-	else
-	{
-		data_len = p->hdr.frag_len - 0x18;
-	}
-
-	p->rhdr.data->offset.start = 0;
-	p->rhdr.data->offset.end   = 0x18;
-
-	/* store the header in the data stream */
-	smb_io_rpc_hdr     ("hdr" , &(p->hdr     ), &(p->rhdr), 0);
-	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
-
-	/* don't use rdata: use rdata_i instead, which moves... */
-	/* make a pointer to the rdata data, NOT A COPY */
-
-	p->rdata_i.data = NULL;
-	prs_init(&p->rdata_i, 0, p->rdata.align, p->rdata.data->margin, p->rdata.io);
-	data = mem_data(&(p->rdata.data), data_start);
-	mem_create(p->rdata_i.data, data, 0, data_len, 0, False); 
-	p->rdata_i.offset = data_len;
-
-	if (auth_len > 0)
-	{
-		uint32 crc32;
-
-		DEBUG(5,("create_rpc_reply: sign: %s seal: %s data %d auth %d\n",
-			 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
-
-		if (auth_seal)
-		{
-			crc32 = crc32_calc_buffer(data_len, data);
-			NTLMSSPcalc_p(p, (uchar*)data, data_len);
-		}
-
-		if (auth_seal || auth_verify)
-		{
-			make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
-			smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, &p->rauth, 0);
-		}
-
-		if (auth_verify)
-		{
-			char *auth_data;
-			p->ntlmssp_seq_num++;
-			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num++);
-			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
-			auth_data = mem_data(&p->rverf.data, 4);
-			NTLMSSPcalc_p(p, (uchar*)auth_data, 12);
-		}
-	}
-
-	/* set up the data chain */
-	if (p->ntlmssp_auth)
-	{
-		prs_link(NULL       , &p->rhdr   , &p->rdata_i);
-		prs_link(&p->rhdr   , &p->rdata_i, &p->rauth  );
-		prs_link(&p->rdata_i, &p->rauth  , &p->rverf  );
-		prs_link(&p->rauth  , &p->rverf  , NULL       );
-	}
-	else
-	{
-		prs_link(NULL    , &p->rhdr   , &p->rdata_i);
-		prs_link(&p->rhdr, &p->rdata_i, NULL       );
-	}
-
-	/* indicate to subsequent data reads where we are up to */
-	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
-	p->next_frag_start = p->hdr.frag_len; 
-	
-	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
-}
-
-static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
-{
-	uchar lm_owf[24];
-	uchar nt_owf[24];
-	struct smb_passwd *smb_pass = NULL;
-	
-	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
-
-	if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
-	if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
-	if (p->ntlmssp_resp.hdr_usr    .str_str_len == 0) return False;
-	if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
-	if (p->ntlmssp_resp.hdr_wks    .str_str_len == 0) return False;
-
-	memset(p->user_name, 0, sizeof(p->user_name));
-	memset(p->domain   , 0, sizeof(p->domain   ));
-	memset(p->wks      , 0, sizeof(p->wks      ));
-
-	if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
-	{
-		fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user  , p->ntlmssp_resp.hdr_usr   .str_str_len/2));
-		fstrcpy(p->domain   , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2));
-		fstrcpy(p->wks      , unistrn2((uint16*)p->ntlmssp_resp.wks   , p->ntlmssp_resp.hdr_wks   .str_str_len/2));
-	}
-	else
-	{
-		fstrcpy(p->user_name, p->ntlmssp_resp.user  );
-		fstrcpy(p->domain   , p->ntlmssp_resp.domain);
-		fstrcpy(p->wks      , p->ntlmssp_resp.wks   );
-	}
-
-	DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
-
-	memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
-	memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("lm, nt owfs, chal\n"));
-	dump_data(100, lm_owf, sizeof(lm_owf));
-	dump_data(100, nt_owf, sizeof(nt_owf));
-	dump_data(100, p->ntlmssp_chal.challenge, 8);
-#endif
-	become_root(True);
-	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
-	                      (uchar*)p->ntlmssp_chal.challenge,
-	                      lm_owf, nt_owf, NULL);
-	smb_pass = getsmbpwnam(p->user_name);
-	unbecome_root(True);
-
-	if (p->ntlmssp_validated && smb_pass != NULL && smb_pass->smb_passwd)
-	{
-		uchar p24[24];
-		NTLMSSPOWFencrypt(smb_pass->smb_passwd, lm_owf, p24);
-		{
-			unsigned char j = 0;
-			int ind;
-
-			unsigned char k2[8];
-
-			memcpy(k2, p24, 5);
-			k2[5] = 0xe5;
-			k2[6] = 0x38;
-			k2[7] = 0xb0;
-
-			for (ind = 0; ind < 256; ind++)
-			{
-				p->ntlmssp_hash[ind] = (unsigned char)ind;
-			}
-
-			for( ind = 0; ind < 256; ind++)
-			{
-				unsigned char tc;
-
-				j += (p->ntlmssp_hash[ind] + k2[ind%8]);
-
-				tc = p->ntlmssp_hash[ind];
-				p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
-				p->ntlmssp_hash[j] = tc;
-			}
-
-			p->ntlmssp_hash[256] = 0;
-			p->ntlmssp_hash[257] = 0;
-		}
-/*		NTLMSSPhash(p->ntlmssp_hash, p24); */
-		p->ntlmssp_seq_num = 0;
-	}
-	else
-	{
-		p->ntlmssp_validated = False;
-	}
-
-	return p->ntlmssp_validated;
-}
-
-static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
-{
-	/* receive a negotiate; send a challenge; receive a response */
-	switch (p->auth_verifier.msg_type)
-	{
-		case NTLMSSP_NEGOTIATE:
-		{
-			smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0);
-			break;
-		}
-		case NTLMSSP_AUTH:
-		{
-			smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
-			if (!api_pipe_ntlmssp_verify(p))
-			{
-				pd->offset = 0;
-			}
-			break;
-		}
-		default:
-		{
-			/* NTLMSSP expected: unexpected message type */
-			DEBUG(3,("unexpected message type in NTLMSSP %d\n",
-			          p->auth_verifier.msg_type));
-			return False;
-		}
-	}
-
-	return (pd->offset != 0);
-}
-
-struct api_cmd
-{
-  char * pipe_clnt_name;
-  char * pipe_srv_name;
-  BOOL (*fn) (pipes_struct *, prs_struct *);
-};
-
-static struct api_cmd api_fd_commands[] =
-{
-    { "lsarpc",   "lsass",   api_ntlsa_rpc },
-    { "samr",     "lsass",   api_samr_rpc },
-    { "srvsvc",   "ntsvcs",  api_srvsvc_rpc },
-    { "wkssvc",   "ntsvcs",  api_wkssvc_rpc },
-    { "NETLOGON", "lsass",   api_netlog_rpc },
-    { "winreg",   "winreg",  api_reg_rpc },
-    { NULL,       NULL,      NULL }
-};
-
-static BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *pd)
-{
-	DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
-
-	if (p->hdr.auth_len == 0) return False;
-
-	/* decode the authentication verifier response */
-	smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
-	if (pd->offset == 0) return False;
-
-	if (!rpc_hdr_auth_chk(&(p->auth_info))) return False;
-
-	smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
-	if (pd->offset == 0) return False;
-
-	if (!rpc_auth_verifier_chk(&(p->auth_verifier), "NTLMSSP", NTLMSSP_AUTH)) return False;
-	
-	return api_pipe_ntlmssp(p, pd);
-}
-
-static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
-{
-	uint16 assoc_gid;
-	fstring ack_pipe_name;
-	int i = 0;
-
-	p->ntlmssp_auth = False;
-
-	DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
-
-	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
-	{
-		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
-		    api_fd_commands[i].fn != NULL)
-		{
-			DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
-			           api_fd_commands[i].pipe_clnt_name,
-			           api_fd_commands[i].pipe_srv_name));
-			fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
-			break;
-		}
-	}
-
-	if (api_fd_commands[i].fn == NULL) return False;
-
-	/* decode the bind request */
-	smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0);
-
-	if (pd->offset == 0) return False;
-
-	if (p->hdr.auth_len != 0)
-	{
-		/* decode the authentication verifier */
-		smb_io_rpc_hdr_auth    ("", &p->auth_info    , pd, 0);
-		if (pd->offset == 0) return False;
-
-		p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
-
-		if (p->ntlmssp_auth)
-		{
-			smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
-			if (pd->offset == 0) return False;
-
-			p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
-		}
-
-		if (p->ntlmssp_auth)
-		{
-			if (!api_pipe_ntlmssp(p, pd)) return False;
-		}
-	}
-
-	/* name has to be \PIPE\xxxxx */
-	fstrcpy(ack_pipe_name, "\\PIPE\\");
-	fstrcat(ack_pipe_name, p->pipe_srv_name);
-
-	DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
-
-	prs_init(&(p->rdata), 1024, 4, 0, False);
-	prs_init(&(p->rhdr ), 0x18, 4, 0, False);
-	prs_init(&(p->rauth), 1024, 4, 0, False);
-	prs_init(&(p->rverf), 0x08, 4, 0, False);
-	prs_init(&(p->rntlm), 1024, 4, 0, False);
-
-	/***/
-	/*** do the bind ack first ***/
-	/***/
-
-	if (p->ntlmssp_auth)
-	{
-		assoc_gid = 0x7a77;
-	}
-	else
-	{
-		assoc_gid = p->hdr_rb.bba.assoc_gid;
-	}
-
-	make_rpc_hdr_ba(&p->hdr_ba,
-	                p->hdr_rb.bba.max_tsize,
-	                p->hdr_rb.bba.max_rsize,
-	                assoc_gid,
-	                ack_pipe_name,
-	                0x1, 0x0, 0x0,
-	                &(p->hdr_rb.transfer));
-
-	smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0);
-	mem_realloc_data(p->rdata.data, p->rdata.offset);
-
-	/***/
-	/*** now the authentication ***/
-	/***/
-
-	if (p->ntlmssp_auth)
-	{
-		uint8 challenge[8];
-		generate_random_buffer(challenge, 8, False);
-
-		/*** authentication info ***/
-
-		make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0, 1);
-		smb_io_rpc_hdr_auth("", &p->auth_info, &p->rverf, 0);
-		mem_realloc_data(p->rverf.data, p->rverf.offset);
-
-		/*** NTLMSSP verifier ***/
-
-		make_rpc_auth_verifier(&p->auth_verifier,
-		                       "NTLMSSP", NTLMSSP_CHALLENGE);
-		smb_io_rpc_auth_verifier("", &p->auth_verifier, &p->rauth, 0);
-		mem_realloc_data(p->rauth.data, p->rauth.offset);
-
-		/* NTLMSSP challenge ***/
-
-		make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal,
-		                           0x000082b1, challenge);
-		smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0);
-		mem_realloc_data(p->rntlm.data, p->rntlm.offset);
-	}
-
-	/***/
-	/*** then do the header, now we know the length ***/
-	/***/
-
-	make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
-	             p->hdr.call_id,
-	             p->rdata.offset + p->rverf.offset + p->rauth.offset + p->rntlm.offset + 0x10,
-	             p->rauth.offset + p->rntlm.offset);
-
-	smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0);
-	mem_realloc_data(p->rhdr.data, p->rdata.offset);
-
-	/***/
-	/*** link rpc header, bind acknowledgment and authentication responses ***/
-	/***/
-
-	if (p->ntlmssp_auth)
-	{
-		prs_link(NULL     , &p->rhdr , &p->rdata);
-		prs_link(&p->rhdr , &p->rdata, &p->rverf);
-		prs_link(&p->rdata, &p->rverf, &p->rauth);
-		prs_link(&p->rverf, &p->rauth, &p->rntlm);
-		prs_link(&p->rauth, &p->rntlm, NULL     );
-	}
-	else
-	{
-		prs_link(NULL    , &p->rhdr , &p->rdata);
-		prs_link(&p->rhdr, &p->rdata, NULL     );
-	}
-
-	return True;
-}
-
-
-static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
-{
-	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
-	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
-	int data_len;
-	int auth_len;
-	uint32 old_offset;
-	uint32 crc32;
-
-	auth_len = p->hdr.auth_len;
-
-	if (auth_len != 16 && auth_verify)
-	{
-		return False;
-	}
-
-	data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
-	
-	DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
-	         BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
-
-	if (auth_seal)
-	{
-		char *data = mem_data(&pd->data, pd->offset);
-		DEBUG(5,("api_pipe_auth_process: data %d\n", pd->offset));
-		NTLMSSPcalc_p(p, (uchar*)data, data_len);
-		crc32 = crc32_calc_buffer(data_len, data);
-	}
-
-	/*** skip the data, record the offset so we can restore it again */
-	old_offset = pd->offset;
-
-	if (auth_seal || auth_verify)
-	{
-		pd->offset += data_len;
-		smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, pd, 0);
-	}
-
-	if (auth_verify)
-	{
-		char *req_data = mem_data(&pd->data, pd->offset + 4);
-		DEBUG(5,("api_pipe_auth_process: auth %d\n", pd->offset + 4));
-		NTLMSSPcalc_p(p, (uchar*)req_data, 12);
-		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
-
-		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
-		                          p->ntlmssp_seq_num))
-		{
-			return False;
-		}
-	}
-
-	pd->offset = old_offset;
-
-	return True;
-}
-
-static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
-{
-	int i = 0;
-
-	if (p->ntlmssp_auth && p->ntlmssp_validated)
-	{
-		if (!api_pipe_auth_process(p, pd)) return False;
-
-		DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
-#if 0
-		become_user();
-#endif
-	}
-
-	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
-	{
-		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
-		    api_fd_commands[i].fn != NULL)
-		{
-			DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
-			return api_fd_commands[i].fn(p, pd);
-		}
-	}
-	return False;
-}
-
-BOOL rpc_command(pipes_struct *p, prs_struct *pd)
-{
-	BOOL reply = False;
-	if (pd->data == NULL) return False;
-
-	/* process the rpc header */
-	smb_io_rpc_hdr("", &p->hdr, pd, 0);
-
-	if (pd->offset == 0) return False;
-
-	switch (p->hdr.pkt_type)
-	{
-		case RPC_BIND   :
-		{
-			reply = api_pipe_bind_req(p, pd);
-			break;
-		}
-		case RPC_REQUEST:
-		{
-			if (p->ntlmssp_auth && !p->ntlmssp_validated)
-			{
-				/* authentication _was_ requested
-				   and it failed.  sorry, no deal!
-				 */
-				reply = False;
-			}
-			else
-			{
-				/* read the rpc header */
-				smb_io_rpc_hdr_req("req", &(p->hdr_req), pd, 0);
-				reply = api_pipe_request(p, pd);
-			}
-			break;
-		}
-		case RPC_BINDRESP: /* not the real name! */
-		{
-			reply = api_pipe_bind_auth_resp(p, pd);
-			p->ntlmssp_auth = reply;
-			break;
-		}
-	}
-
-	if (!reply)
-	{
-		DEBUG(3,("rpc_command: DCE/RPC fault should be sent here\n"));
-	}
-
-	return reply;
-}
-
-
-/*******************************************************************
- receives a netlogon pipe and responds.
- ********************************************************************/
-static BOOL api_rpc_command(pipes_struct *p, 
-				char *rpc_name, struct api_struct *api_rpc_cmds,
-				prs_struct *data)
-{
-	int fn_num;
-	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
-
-	for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
-	{
-		if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
-		{
-			DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
-			break;
-		}
-	}
-
-	if (api_rpc_cmds[fn_num].name == NULL)
-	{
-		DEBUG(4, ("unknown\n"));
-		return False;
-	}
-
-	/* start off with 1024 bytes, and a large safety margin too */
-	prs_init(&p->rdata, 1024, 4, SAFETY_MARGIN, False);
-
-	/* do the actual command */
-	api_rpc_cmds[fn_num].fn(p->vuid, data, &(p->rdata));
-
-	if (p->rdata.data == NULL || p->rdata.offset == 0)
-	{
-		mem_free_data(p->rdata.data);
-		return False;
-	}
-
-	mem_realloc_data(p->rdata.data, p->rdata.offset);
-
-	DEBUG(10,("called %s\n", rpc_name));
-
-	return True;
-}
-
-
-/*******************************************************************
- receives a netlogon pipe and responds.
- ********************************************************************/
-BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
-				prs_struct *data)
-{
-	if (data == NULL || data->data == NULL)
-	{
-		DEBUG(2,("%s: NULL data received\n", rpc_name));
-		return False;
-	}
-
-	/* interpret the command */
-	if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
-	{
-		return False;
-	}
-
-	/* create the rpc header */
-	if (!create_rpc_reply(p, 0, p->rdata.offset + (p->ntlmssp_auth ? (16 + 8) : 0)))
-	{
-		return False;
-	}
-
-	return True;
-}
-
 
 /*******************************************************************
  gets a domain user's groups
-- 
cgit 


From 74d539f5573a3ed3ff1b96c54752a389da4c3e14 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Tue, 17 Nov 1998 16:19:04 +0000
Subject: - group database API.  oops and oh dear, the threat has been carried
 out:   the pre-alpha "domain group" etc parameters have disappeared.

- interactive debug detection

- re-added mem_man (andrew's memory management, detects memory corruption)

- american spellings of "initialise" replaced with english spelling of
  "initialise".

- started on "lookup_name()" and "lookup_sid()" functions.  proper ones.

- moved lots of functions around.  created some modules of commonly used
  code.  e.g the password file locking code, which is used in groupfile.c
  and aliasfile.c and smbpass.c

- moved RID_TYPE_MASK up another bit.  this is really unfortunate, but
  there is no other "fast" way to identify users from groups from aliases.
  i do not believe that this code saves us anything (the multipliers)
  and puts us at a disadvantage (reduces the useable rid space).
  the designers of NT aren't silly: if they can get away with a user-
  interface-speed LsaLookupNames / LsaLookupSids, then so can we.  i
  spoke with isaac at the cifs conference, the only time for example that
  they do a security context check is on file create.  certainly not on
  individual file reads / writes, which would drastically hit their
  performance and ours, too.

- renamed myworkgroup to global_sam_name, amongst other things, when used
  in the rpc code.  there is also a global_member_name, as we are always
  responsible for a SAM database, the scope of which is limited by the role
  of the machine (e.g if a member of a workgroup, your SAM is for _local_
  logins only, and its name is the name of your server.  you even still
  have a SID.  see LsaQueryInfoPolicy, levels 3 and 5).

- updated functionality of groupname.c to be able to cope with names
  like DOMAIN\group and SERVER\alias.  used this code to be able to
  do aliases as well as groups.  this code may actually be better
  off being used in username mapping, too.

- created a connect to serverlist function in clientgen.c and used it
  in password.c

- initialisation in server.c depends on the role of the server.  well,
  it does now.

- rpctorture.  smbtorture.  EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
---
 source3/rpc_server/srv_util.c | 323 +-----------------------------------------
 1 file changed, 1 insertion(+), 322 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 097ab92d76..25dceb41a0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -22,325 +22,4 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-/*  this module apparently provides an implementation of DCE/RPC over a
- *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
- *  documentation are available (in on-line form) from the X-Open group.
- *
- *  this module should provide a level of abstraction between SMB
- *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
- *  data copies, and network traffic.
- *
- *  in this version, which takes a "let's learn what's going on and
- *  get something running" approach, there is additional network
- *  traffic generated, but the code should be easier to understand...
- *
- *  ... if you read the docs.  or stare at packets for weeks on end.
- *
- */
-
-#include "includes.h"
-#include "nterr.h"
-
-extern int DEBUGLEVEL;
-
-/*
- * A list of the rids of well known BUILTIN and Domain users
- * and groups.
- */
-
-rid_name builtin_alias_rids[] =
-{  
-    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
-    { BUILTIN_ALIAS_RID_USERS        , "Users" },
-    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
-    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
-   
-    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
-    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
-    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
-    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
-    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
-{  
-    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
-    { DOMAIN_USER_RID_GUEST         , "Guest" },
-    { 0                             , NULL }
-};
-
-/* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
-{  
-    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
-    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
-    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
-    { 0                             , NULL }
-};
-
-int make_dom_gids(char *gids_str, DOM_GID **ppgids)
-{
-  char *ptr;
-  pstring s2;
-  int count;
-  DOM_GID *gids;
-
-  *ppgids = NULL;
-
-  DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-  if (gids_str == NULL || *gids_str == 0)
-    return 0;
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)); 
-       count++)
-    ;
-
-  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
-  if(!gids)
-  {
-    DEBUG(0,("make_dom_gids: malloc fail !\n"));
-    return 0;
-  }
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)) && 
-	       count < LSA_MAX_GROUPS; 
-       count++) 
-  {
-    /* the entries are of the form GID/ATTR, ATTR being optional.*/
-    char *attr;
-    uint32 rid = 0;
-    int i;
-
-    attr = strchr(s2,'/');
-    if (attr)
-      *attr++ = 0;
-
-    if (!attr || !*attr)
-      attr = "7"; /* default value for attribute is 7 */
-
-    /* look up the RID string and see if we can turn it into a rid number */
-    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
-    {
-      if (strequal(builtin_alias_rids[i].name, s2))
-      {
-        rid = builtin_alias_rids[i].rid;
-        break;
-      }
-    }
-
-    if (rid == 0)
-      rid = atoi(s2);
-
-    if (rid == 0)
-    {
-      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
-      count--;
-    }
-    else
-    {
-      gids[count].g_rid = rid;
-      gids[count].attr  = atoi(attr);
-
-      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
-    }
-  }
-
-  *ppgids = gids;
-  return count;
-}
-
-
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
-{
-	pstring tmp;
-
-	if (domain_groups == NULL || user == NULL) return;
-
-	/* any additional groups this user is in.  e.g power users */
-	pstrcpy(domain_groups, lp_domain_groups());
-
-	/* can only be a user or a guest.  cannot be guest _and_ admin */
-	if (user_in_list(user, lp_domain_guest_group()))
-	{
-		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-		pstrcat(domain_groups, tmp);
-
-		DEBUG(3,("domain guest group access %s granted\n", tmp));
-	}
-	else
-	{
-		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-		pstrcat(domain_groups, tmp);
-
-		DEBUG(3,("domain group access %s granted\n", tmp));
-
-		if (user_in_list(user, lp_domain_admin_group()))
-		{
-			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-			pstrcat(domain_groups, tmp);
-
-			DEBUG(3,("domain admin group access %s granted\n", tmp));
-		}
-	}
-}
-
-
-/*******************************************************************
- lookup_group_name
- ********************************************************************/
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
-{
-	int i = 0; 
-	(*type) = SID_NAME_DOM_GRP;
-
-	DEBUG(5,("lookup_group_name: rid: %d", rid));
-
-	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (domain_group_rids[i].rid != 0)
-	{
-		fstrcpy(group_name, domain_group_rids[i].name);
-		DEBUG(5,(" = %s\n", group_name));
-		return 0x0;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_name
- ********************************************************************/
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
-{
-	int i = 0; 
-	(*type) = SID_NAME_WKN_GRP;
-
-	DEBUG(5,("lookup_alias_name: rid: %d", rid));
-
-	while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (builtin_alias_rids[i].rid != 0)
-	{
-		fstrcpy(alias_name, builtin_alias_rids[i].name);
-		DEBUG(5,(" = %s\n", alias_name));
-		return 0x0;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_name
- ********************************************************************/
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
-{
-	struct sam_disp_info *disp_info;
-	int i = 0;
-	(*type) = SID_NAME_USER;
-
-	DEBUG(5,("lookup_user_name: rid: %d", rid));
-
-	/* look up the well-known domain user rids first */
-	while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (domain_user_rids[i].rid != 0)
-	{
-		fstrcpy(user_name, domain_user_rids[i].name);
-		DEBUG(5,(" = %s\n", user_name));
-		return 0x0;
-	}
-
-	/* ok, it's a user.  find the user account */
-	become_root(True);
-	disp_info = getsamdisprid(rid);
-	unbecome_root(True);
-
-	if (disp_info != NULL)
-	{
-		fstrcpy(user_name, disp_info->smb_name);
-		DEBUG(5,(" = %s\n", user_name));
-		return 0x0;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_group_rid
- ********************************************************************/
-uint32 lookup_group_rid(char *group_name, uint32 *rid)
-{
-	char *grp_name;
-	int i = -1; /* start do loop at -1 */
-
-	do /* find, if it exists, a group rid for the group name*/
-	{
-		i++;
-		(*rid) = domain_group_rids[i].rid;
-		grp_name = domain_group_rids[i].name;
-
-	} while (grp_name != NULL && !strequal(grp_name, group_name));
-
-	return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_rid
- ********************************************************************/
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
-{
-	char *als_name;
-	int i = -1; /* start do loop at -1 */
-
-	do /* find, if it exists, a alias rid for the alias name*/
-	{
-		i++;
-		(*rid) = builtin_alias_rids[i].rid;
-		als_name = builtin_alias_rids[i].name;
-
-	} while (als_name != NULL && !strequal(als_name, alias_name));
-
-	return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_rid
- ********************************************************************/
-uint32 lookup_user_rid(char *user_name, uint32 *rid)
-{
-	struct sam_passwd *sam_pass;
-	(*rid) = 0;
-
-	/* find the user account */
-	become_root(True);
-	sam_pass = getsam21pwnam(user_name);
-	unbecome_root(True);
-
-	if (sam_pass != NULL)
-	{
-		(*rid) = sam_pass->user_rid;
-		return 0x0;
-	}
-
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
+/* retired module */
-- 
cgit 


From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 13 Dec 1999 13:27:58 +0000
Subject: first pass at updating head branch to be to be the same as the
 SAMBA_2_0 branch (This used to be commit
 453a822a76780063dff23526c35408866d0c0154)

---
 source3/rpc_server/srv_util.c | 323 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 322 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 25dceb41a0..097ab92d76 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -22,4 +22,325 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-/* retired module */
+/*  this module apparently provides an implementation of DCE/RPC over a
+ *  named pipe (IPC$ connection using SMBtrans).  details of DCE/RPC
+ *  documentation are available (in on-line form) from the X-Open group.
+ *
+ *  this module should provide a level of abstraction between SMB
+ *  and DCE/RPC, while minimising the amount of mallocs, unnecessary
+ *  data copies, and network traffic.
+ *
+ *  in this version, which takes a "let's learn what's going on and
+ *  get something running" approach, there is additional network
+ *  traffic generated, but the code should be easier to understand...
+ *
+ *  ... if you read the docs.  or stare at packets for weeks on end.
+ *
+ */
+
+#include "includes.h"
+#include "nterr.h"
+
+extern int DEBUGLEVEL;
+
+/*
+ * A list of the rids of well known BUILTIN and Domain users
+ * and groups.
+ */
+
+rid_name builtin_alias_rids[] =
+{  
+    { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
+    { BUILTIN_ALIAS_RID_USERS        , "Users" },
+    { BUILTIN_ALIAS_RID_GUESTS       , "Guests" },
+    { BUILTIN_ALIAS_RID_POWER_USERS  , "Power Users" },
+   
+    { BUILTIN_ALIAS_RID_ACCOUNT_OPS  , "Account Operators" },
+    { BUILTIN_ALIAS_RID_SYSTEM_OPS   , "System Operators" },
+    { BUILTIN_ALIAS_RID_PRINT_OPS    , "Print Operators" },
+    { BUILTIN_ALIAS_RID_BACKUP_OPS   , "Backup Operators" },
+    { BUILTIN_ALIAS_RID_REPLICATOR   , "Replicator" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID users. */
+rid_name domain_user_rids[] =
+{  
+    { DOMAIN_USER_RID_ADMIN         , "Administrator" },
+    { DOMAIN_USER_RID_GUEST         , "Guest" },
+    { 0                             , NULL }
+};
+
+/* array lookup of well-known Domain RID groups. */
+rid_name domain_group_rids[] =
+{  
+    { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
+    { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
+    { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
+    { 0                             , NULL }
+};
+
+int make_dom_gids(char *gids_str, DOM_GID **ppgids)
+{
+  char *ptr;
+  pstring s2;
+  int count;
+  DOM_GID *gids;
+
+  *ppgids = NULL;
+
+  DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+  if (gids_str == NULL || *gids_str == 0)
+    return 0;
+
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)); 
+       count++)
+    ;
+
+  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+  if(!gids)
+  {
+    DEBUG(0,("make_dom_gids: malloc fail !\n"));
+    return 0;
+  }
+
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)) && 
+	       count < LSA_MAX_GROUPS; 
+       count++) 
+  {
+    /* the entries are of the form GID/ATTR, ATTR being optional.*/
+    char *attr;
+    uint32 rid = 0;
+    int i;
+
+    attr = strchr(s2,'/');
+    if (attr)
+      *attr++ = 0;
+
+    if (!attr || !*attr)
+      attr = "7"; /* default value for attribute is 7 */
+
+    /* look up the RID string and see if we can turn it into a rid number */
+    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
+    {
+      if (strequal(builtin_alias_rids[i].name, s2))
+      {
+        rid = builtin_alias_rids[i].rid;
+        break;
+      }
+    }
+
+    if (rid == 0)
+      rid = atoi(s2);
+
+    if (rid == 0)
+    {
+      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
+      count--;
+    }
+    else
+    {
+      gids[count].g_rid = rid;
+      gids[count].attr  = atoi(attr);
+
+      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
+    }
+  }
+
+  *ppgids = gids;
+  return count;
+}
+
+
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+void get_domain_user_groups(char *domain_groups, char *user)
+{
+	pstring tmp;
+
+	if (domain_groups == NULL || user == NULL) return;
+
+	/* any additional groups this user is in.  e.g power users */
+	pstrcpy(domain_groups, lp_domain_groups());
+
+	/* can only be a user or a guest.  cannot be guest _and_ admin */
+	if (user_in_list(user, lp_domain_guest_group()))
+	{
+		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
+		pstrcat(domain_groups, tmp);
+
+		DEBUG(3,("domain guest group access %s granted\n", tmp));
+	}
+	else
+	{
+		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
+		pstrcat(domain_groups, tmp);
+
+		DEBUG(3,("domain group access %s granted\n", tmp));
+
+		if (user_in_list(user, lp_domain_admin_group()))
+		{
+			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
+			pstrcat(domain_groups, tmp);
+
+			DEBUG(3,("domain admin group access %s granted\n", tmp));
+		}
+	}
+}
+
+
+/*******************************************************************
+ lookup_group_name
+ ********************************************************************/
+uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_DOM_GRP;
+
+	DEBUG(5,("lookup_group_name: rid: %d", rid));
+
+	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_group_rids[i].rid != 0)
+	{
+		fstrcpy(group_name, domain_group_rids[i].name);
+		DEBUG(5,(" = %s\n", group_name));
+		return 0x0;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_alias_name
+ ********************************************************************/
+uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+{
+	int i = 0; 
+	(*type) = SID_NAME_WKN_GRP;
+
+	DEBUG(5,("lookup_alias_name: rid: %d", rid));
+
+	while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (builtin_alias_rids[i].rid != 0)
+	{
+		fstrcpy(alias_name, builtin_alias_rids[i].name);
+		DEBUG(5,(" = %s\n", alias_name));
+		return 0x0;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_user_name
+ ********************************************************************/
+uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+{
+	struct sam_disp_info *disp_info;
+	int i = 0;
+	(*type) = SID_NAME_USER;
+
+	DEBUG(5,("lookup_user_name: rid: %d", rid));
+
+	/* look up the well-known domain user rids first */
+	while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
+	{
+		i++;
+	}
+
+	if (domain_user_rids[i].rid != 0)
+	{
+		fstrcpy(user_name, domain_user_rids[i].name);
+		DEBUG(5,(" = %s\n", user_name));
+		return 0x0;
+	}
+
+	/* ok, it's a user.  find the user account */
+	become_root(True);
+	disp_info = getsamdisprid(rid);
+	unbecome_root(True);
+
+	if (disp_info != NULL)
+	{
+		fstrcpy(user_name, disp_info->smb_name);
+		DEBUG(5,(" = %s\n", user_name));
+		return 0x0;
+	}
+
+	DEBUG(5,(" none mapped\n"));
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_group_rid
+ ********************************************************************/
+uint32 lookup_group_rid(char *group_name, uint32 *rid)
+{
+	char *grp_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a group rid for the group name*/
+	{
+		i++;
+		(*rid) = domain_group_rids[i].rid;
+		grp_name = domain_group_rids[i].name;
+
+	} while (grp_name != NULL && !strequal(grp_name, group_name));
+
+	return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_alias_rid
+ ********************************************************************/
+uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
+{
+	char *als_name;
+	int i = -1; /* start do loop at -1 */
+
+	do /* find, if it exists, a alias rid for the alias name*/
+	{
+		i++;
+		(*rid) = builtin_alias_rids[i].rid;
+		als_name = builtin_alias_rids[i].name;
+
+	} while (als_name != NULL && !strequal(als_name, alias_name));
+
+	return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
+
+/*******************************************************************
+ lookup_user_rid
+ ********************************************************************/
+uint32 lookup_user_rid(char *user_name, uint32 *rid)
+{
+	struct sam_passwd *sam_pass;
+	(*rid) = 0;
+
+	/* find the user account */
+	become_root(True);
+	sam_pass = getsam21pwnam(user_name);
+	unbecome_root(True);
+
+	if (sam_pass != NULL)
+	{
+		(*rid) = sam_pass->user_rid;
+		return 0x0;
+	}
+
+	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+}
-- 
cgit 


From b89b75a368c5245c38ebe467b2d3820b3df59c6a Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Wed, 22 Mar 2000 10:26:09 +0000
Subject: added the following message to all dce/rpc client/server code, except
 the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that
 jeremy has been working up to TNG-functionality.

i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE,
because it is intolerable that potentially good modifications be made
to code that is going to be thrown away, and people waste their time
fixing bugs and adding enhancements that have already been carried
out already, up to two years ago in the TNG branch.

/*
 * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY,
 * INCOMPLETE.  PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE
 * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH.
 *
 * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY.
 *
 * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT
 * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT
 * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH
 *
 * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT
 * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG.
 * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG
 * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO
 * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT
 * MAY BE LOST.
 *
 * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST.
 *
 * THANK YOU.
 *
 * lkcl@samba.org
 */
(This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09)
---
 source3/rpc_server/srv_util.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 097ab92d76..a1ad97188a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,4 +1,29 @@
 
+/*
+ * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY,
+ * INCOMPLETE.  PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE
+ * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH.
+ *
+ * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY.
+ *
+ * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT
+ * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT
+ * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH
+ *
+ * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT
+ * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG.
+ * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG
+ * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO
+ * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT
+ * MAY BE LOST.
+ *
+ * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST.
+ *
+ * THANK YOU.
+ *
+ * lkcl@samba.org
+ */
+
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
-- 
cgit 


From 8f1620125dcb9c29c223f4efb6485528ece70f11 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 22 Mar 2000 19:03:12 +0000
Subject: acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp
 code. include/byteorder.h: Added alignment macros. include/nameserv.h: Added
 defines for msg_type field options - from rfc1002. lib/time.c: Typo fix.
 lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero
 -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code.

Other fixes : Rollback of unapproved commit from Luke.
Please *ask* next time before doing large changes to HEAD.

Jeremy.
(This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2)
---
 source3/rpc_server/srv_util.c | 25 -------------------------
 1 file changed, 25 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index a1ad97188a..097ab92d76 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,29 +1,4 @@
 
-/*
- * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY,
- * INCOMPLETE.  PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE
- * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH.
- *
- * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY.
- *
- * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT
- * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT
- * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH
- *
- * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT
- * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG.
- * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG
- * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO
- * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT
- * MAY BE LOST.
- *
- * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST.
- *
- * THANK YOU.
- *
- * lkcl@samba.org
- */
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
-- 
cgit 


From 16d53e8752ba6da1eb2b2b516763570544aca83b Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 4 Apr 2000 00:36:19 +0000
Subject: Snuck in some whitespace cleanup while I was visiting these files. 
 (-: (This used to be commit f249dc041f3f3bdb1adaa41271236ffdb2447475)

---
 source3/rpc_server/srv_util.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 097ab92d76..f5cf615fd7 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,4 +1,3 @@
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -39,7 +38,6 @@
  */
 
 #include "includes.h"
-#include "nterr.h"
 
 extern int DEBUGLEVEL;
 
-- 
cgit 


From 49a0e6d5989656c1b3c9c063a20308ca4ee5d73b Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 10 May 2000 10:41:59 +0000
Subject: more merging voodoo

this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
---
 source3/rpc_server/srv_util.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f5cf615fd7..8264741db0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,3 +1,5 @@
+#define OLD_NTDOMAIN 1
+
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -342,3 +344,5 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 
 	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
 }
+
+#undef OLD_NTDOMAIN
-- 
cgit 


From 218653764f55b5fe16ffbda93d415a1495460956 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 23 Jun 2000 05:53:18 +0000
Subject: Removed save directory argument to become_root() calls.  Probably
 most of this stuff doesn't need to be done as root anyway. (This used to be
 commit c3cad0ff6482784f95fd54ba51ee5be2354bb95d)

---
 source3/rpc_server/srv_util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 8264741db0..a1f2a7c085 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -270,9 +270,9 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	}
 
 	/* ok, it's a user.  find the user account */
-	become_root(True);
+	become_root();
 	disp_info = getsamdisprid(rid);
-	unbecome_root(True);
+	unbecome_root();
 
 	if (disp_info != NULL)
 	{
@@ -332,9 +332,9 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 	(*rid) = 0;
 
 	/* find the user account */
-	become_root(True);
+	become_root();
 	sam_pass = getsam21pwnam(user_name);
-	unbecome_root(True);
+	unbecome_root();
 
 	if (sam_pass != NULL)
 	{
-- 
cgit 


From 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 1 Aug 2000 18:32:34 +0000
Subject: Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only
 need NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing
 "C" syntax in a more obscure way. Jeremy. (This used to be commit
 c55bcec817f47d6162466b193d533c877194124a)

---
 source3/rpc_server/srv_util.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index a1f2a7c085..ba13f0ed7a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -216,7 +216,7 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 	}
 
 	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
@@ -242,7 +242,7 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 	}
 
 	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
@@ -282,7 +282,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	}
 
 	DEBUG(5,(" none mapped\n"));
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
@@ -301,7 +301,7 @@ uint32 lookup_group_rid(char *group_name, uint32 *rid)
 
 	} while (grp_name != NULL && !strequal(grp_name, group_name));
 
-	return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return (grp_name != NULL) ? 0 : NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
@@ -320,7 +320,7 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
 
 	} while (als_name != NULL && !strequal(als_name, alias_name));
 
-	return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return (als_name != NULL) ? 0 : NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
@@ -342,7 +342,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
 		return 0x0;
 	}
 
-	return 0xC0000000 | NT_STATUS_NONE_MAPPED;
+	return NT_STATUS_NONE_MAPPED;
 }
 
 #undef OLD_NTDOMAIN
-- 
cgit 


From 9fede0dc0dbad51528cd1384023d24549c3f0ba4 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 13 Nov 2000 23:03:34 +0000
Subject: Large commit which restructures the local password storage API.
 Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are
 broken, but they were somewhat broken before. :)

The following functions implement the storage manipulation interface

/*The following definitions come from  passdb/pdb_smbpasswd.c  */

BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);

There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members.  Note that the struct
passdb_ops {} has gone away.  Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file.  All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.

I'll write some documentation for this later.  The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.

What works and may not:

	o domain logons from Win9x 	works
	o domain logons from WinNT 4	works
	o user and group enumeration
		as implemented by Tim	works
	o file and print access		works
	o changing password from
		Win9x & NT		ummm...i'll fix this tonight :)

If I broke anything else, just yell and I'll fix it.  I think it
should be fairly quite.





-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
---
 source3/rpc_server/srv_util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index ba13f0ed7a..8349b7add6 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -271,7 +271,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 
 	/* ok, it's a user.  find the user account */
 	become_root();
-	disp_info = getsamdisprid(rid);
+	disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid));
 	unbecome_root();
 
 	if (disp_info != NULL)
@@ -328,17 +328,17 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
  ********************************************************************/
 uint32 lookup_user_rid(char *user_name, uint32 *rid)
 {
-	struct sam_passwd *sam_pass;
+	SAM_ACCOUNT *sam_pass;
 	(*rid) = 0;
 
 	/* find the user account */
 	become_root();
-	sam_pass = getsam21pwnam(user_name);
+	sam_pass = pdb_getsampwnam(user_name);
 	unbecome_root();
 
 	if (sam_pass != NULL)
 	{
-		(*rid) = sam_pass->user_rid;
+		*rid = pdb_get_user_rid(sam_pass);
 		return 0x0;
 	}
 
-- 
cgit 


From da3053048c3d224a20d6383ac6682d31059cd46c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sun, 11 Mar 2001 00:32:10 +0000
Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows
 new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't
 compile. I'm working on it... Jeremy. (This used to be commit
 0be41d5158ea4e645e93e8cd30617c038416e549)

---
 source3/rpc_server/srv_util.c | 51 +++++++++++++++++++------------------------
 1 file changed, 23 insertions(+), 28 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 8349b7add6..82125a7085 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,5 +1,3 @@
-#define OLD_NTDOMAIN 1
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -80,7 +78,7 @@ rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-int make_dom_gids(char *gids_str, DOM_GID **ppgids)
+int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
 {
   char *ptr;
   pstring s2;
@@ -99,10 +97,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
        count++)
     ;
 
-  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+  gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count );
   if(!gids)
   {
-    DEBUG(0,("make_dom_gids: malloc fail !\n"));
+    DEBUG(0,("make_dom_gids: talloc fail !\n"));
     return 0;
   }
 
@@ -192,11 +190,10 @@ void get_domain_user_groups(char *domain_groups, char *user)
 	}
 }
 
-
 /*******************************************************************
- lookup_group_name
+ Look up a local (domain) rid and return a name and type.
  ********************************************************************/
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+uint32 local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 {
 	int i = 0; 
 	(*type) = SID_NAME_DOM_GRP;
@@ -220,9 +217,9 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 }
 
 /*******************************************************************
- lookup_alias_name
+ Look up a local alias rid and return a name and type.
  ********************************************************************/
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 {
 	int i = 0; 
 	(*type) = SID_NAME_WKN_GRP;
@@ -246,11 +243,11 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 }
 
 /*******************************************************************
- lookup_user_name
+ Look up a local user rid and return a name and type.
  ********************************************************************/
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 {
-	struct sam_disp_info *disp_info;
+	SAM_ACCOUNT *sampwd;
 	int i = 0;
 	(*type) = SID_NAME_USER;
 
@@ -271,12 +268,12 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 
 	/* ok, it's a user.  find the user account */
 	become_root();
-	disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid));
+	sampwd = pdb_getsampwrid(rid);
 	unbecome_root();
 
-	if (disp_info != NULL)
+	if (sampwd != NULL)
 	{
-		fstrcpy(user_name, disp_info->smb_name);
+		fstrcpy(user_name, pdb_get_username(sampwd) );
 		DEBUG(5,(" = %s\n", user_name));
 		return 0x0;
 	}
@@ -286,9 +283,9 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 }
 
 /*******************************************************************
- lookup_group_rid
+ Look up a local (domain) group name and return a rid
  ********************************************************************/
-uint32 lookup_group_rid(char *group_name, uint32 *rid)
+uint32 local_lookup_group_rid(char *group_name, uint32 *rid)
 {
 	char *grp_name;
 	int i = -1; /* start do loop at -1 */
@@ -305,9 +302,9 @@ uint32 lookup_group_rid(char *group_name, uint32 *rid)
 }
 
 /*******************************************************************
- lookup_alias_rid
+ Look up a local (BUILTIN) alias name and return a rid
  ********************************************************************/
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
+uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid)
 {
 	char *als_name;
 	int i = -1; /* start do loop at -1 */
@@ -324,25 +321,23 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
 }
 
 /*******************************************************************
- lookup_user_rid
+ Look up a local user name and return a rid
  ********************************************************************/
-uint32 lookup_user_rid(char *user_name, uint32 *rid)
+uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
 {
-	SAM_ACCOUNT *sam_pass;
+	SAM_ACCOUNT *sampass;
 	(*rid) = 0;
 
 	/* find the user account */
 	become_root();
-	sam_pass = pdb_getsampwnam(user_name);
+	sampass = pdb_getsampwnam(user_name);
 	unbecome_root();
 
-	if (sam_pass != NULL)
+	if (sampass != NULL)
 	{
-		*rid = pdb_get_user_rid(sam_pass);
+		(*rid) = pdb_get_user_rid(sampass);
 		return 0x0;
 	}
 
 	return NT_STATUS_NONE_MAPPED;
 }
-
-#undef OLD_NTDOMAIN
-- 
cgit 


From f35157f39293f9fa240a28642c41708b55d301c8 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Fri, 4 May 2001 15:44:27 +0000
Subject: Big cleanup of passdb and backends.

I did some basic tests but I have probably broken something. Notably the
password changing. So don't cry ;-)

	J.F.
(This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719)
---
 source3/rpc_server/srv_util.c | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 82125a7085..b4472671fc 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -247,8 +247,10 @@ uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
  ********************************************************************/
 uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 {
-	SAM_ACCOUNT *sampwd;
+	SAM_ACCOUNT *sampwd=NULL;
 	int i = 0;
+	BOOL ret;
+	
 	(*type) = SID_NAME_USER;
 
 	DEBUG(5,("lookup_user_name: rid: %d", rid));
@@ -259,26 +261,28 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 		i++;
 	}
 
-	if (domain_user_rids[i].rid != 0)
-	{
+	if (domain_user_rids[i].rid != 0) {
 		fstrcpy(user_name, domain_user_rids[i].name);
 		DEBUG(5,(" = %s\n", user_name));
 		return 0x0;
 	}
 
+	pdb_init_sam(&sampwd);
+
 	/* ok, it's a user.  find the user account */
 	become_root();
-	sampwd = pdb_getsampwrid(rid);
+	ret = pdb_getsampwrid(sampwd, rid);
 	unbecome_root();
 
-	if (sampwd != NULL)
-	{
+	if (ret == True) {
 		fstrcpy(user_name, pdb_get_username(sampwd) );
 		DEBUG(5,(" = %s\n", user_name));
+		pdb_clear_sam(sampwd);
 		return 0x0;
 	}
 
 	DEBUG(5,(" none mapped\n"));
+	pdb_clear_sam(sampwd);
 	return NT_STATUS_NONE_MAPPED;
 }
 
@@ -325,19 +329,24 @@ uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid)
  ********************************************************************/
 uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
 {
-	SAM_ACCOUNT *sampass;
+	SAM_ACCOUNT *sampass=NULL;
+	BOOL ret;
+
 	(*rid) = 0;
 
+	pdb_init_sam(&sampass);
+
 	/* find the user account */
 	become_root();
-	sampass = pdb_getsampwnam(user_name);
+	ret = pdb_getsampwnam(sampass, user_name);
 	unbecome_root();
 
-	if (sampass != NULL)
-	{
+	if (ret == True) {
 		(*rid) = pdb_get_user_rid(sampass);
+		pdb_clear_sam(sampass);
 		return 0x0;
 	}
 
+	pdb_clear_sam(sampass);
 	return NT_STATUS_NONE_MAPPED;
 }
-- 
cgit 


From 30c4c04c2f584857633ce7605555dcfb37a3e1af Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 7 May 2001 14:04:46 +0000
Subject: Patch from Simo:

  o sed 's/pdb_clear_sam/pdb_free_sam/g'
  o add pdb_reset_sam()
  o password changing should be ok now as well.
(This used to be commit 96d0e7c3301ad990f6c83b9c216720cb32661fb5)
---
 source3/rpc_server/srv_util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index b4472671fc..861d47b9d8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -277,12 +277,12 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	if (ret == True) {
 		fstrcpy(user_name, pdb_get_username(sampwd) );
 		DEBUG(5,(" = %s\n", user_name));
-		pdb_clear_sam(sampwd);
+		pdb_free_sam(sampwd);
 		return 0x0;
 	}
 
 	DEBUG(5,(" none mapped\n"));
-	pdb_clear_sam(sampwd);
+	pdb_free_sam(sampwd);
 	return NT_STATUS_NONE_MAPPED;
 }
 
@@ -343,10 +343,10 @@ uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
 
 	if (ret == True) {
 		(*rid) = pdb_get_user_rid(sampass);
-		pdb_clear_sam(sampass);
+		pdb_free_sam(sampass);
 		return 0x0;
 	}
 
-	pdb_clear_sam(sampass);
+	pdb_free_sam(sampass);
 	return NT_STATUS_NONE_MAPPED;
 }
-- 
cgit 


From 495f6e678774b013ec9da268fb69543ec9fc6cc6 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 7 May 2001 22:10:38 +0000
Subject: merge from 2.2 removing the 'domain XXX' parameters. (This used to be
 commit 9aefc86e355bf160300580acb85a58a18207ccdf)

---
 source3/rpc_server/srv_util.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 861d47b9d8..deaa6008b9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -162,9 +162,6 @@ void get_domain_user_groups(char *domain_groups, char *user)
 
 	if (domain_groups == NULL || user == NULL) return;
 
-	/* any additional groups this user is in.  e.g power users */
-	pstrcpy(domain_groups, lp_domain_groups());
-
 	/* can only be a user or a guest.  cannot be guest _and_ admin */
 	if (user_in_list(user, lp_domain_guest_group()))
 	{
-- 
cgit 


From 527e824293ee934ca5da0ef5424efe5ab7757248 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 4 Jul 2001 07:36:09 +0000
Subject: strchr and strrchr are macros when compiling with optimisation in
 gcc, so we can't redefine them. damn. (This used to be commit
 c41fc06376d1a2b83690612304e85010b5e5f3cf)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index deaa6008b9..f9e02b9bca 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -114,7 +114,7 @@ int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
     uint32 rid = 0;
     int i;
 
-    attr = strchr(s2,'/');
+    attr = strchr_m(s2,'/');
     if (attr)
       *attr++ = 0;
 
-- 
cgit 


From b031af348c7dcc8c74bf49945211c466b8eca079 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 27 Aug 2001 19:46:22 +0000
Subject: converted another bunch of stuff to NTSTATUS (This used to be commit
 1d36250e338ae0ff9fbbf86019809205dd97d05e)

---
 source3/rpc_server/srv_util.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f9e02b9bca..5393523a78 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -190,7 +190,7 @@ void get_domain_user_groups(char *domain_groups, char *user)
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
-uint32 local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
+NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 {
 	int i = 0; 
 	(*type) = SID_NAME_DOM_GRP;
@@ -206,7 +206,7 @@ uint32 local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 	{
 		fstrcpy(group_name, domain_group_rids[i].name);
 		DEBUG(5,(" = %s\n", group_name));
-		return 0x0;
+		return NT_STATUS_OK;
 	}
 
 	DEBUG(5,(" none mapped\n"));
@@ -216,7 +216,7 @@ uint32 local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
 /*******************************************************************
  Look up a local alias rid and return a name and type.
  ********************************************************************/
-uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
+NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 {
 	int i = 0; 
 	(*type) = SID_NAME_WKN_GRP;
@@ -232,7 +232,7 @@ uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 	{
 		fstrcpy(alias_name, builtin_alias_rids[i].name);
 		DEBUG(5,(" = %s\n", alias_name));
-		return 0x0;
+		return NT_STATUS_OK;
 	}
 
 	DEBUG(5,(" none mapped\n"));
@@ -242,7 +242,7 @@ uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 /*******************************************************************
  Look up a local user rid and return a name and type.
  ********************************************************************/
-uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
+NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 {
 	SAM_ACCOUNT *sampwd=NULL;
 	int i = 0;
@@ -261,7 +261,7 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	if (domain_user_rids[i].rid != 0) {
 		fstrcpy(user_name, domain_user_rids[i].name);
 		DEBUG(5,(" = %s\n", user_name));
-		return 0x0;
+		return NT_STATUS_OK;
 	}
 
 	pdb_init_sam(&sampwd);
@@ -275,7 +275,7 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 		fstrcpy(user_name, pdb_get_username(sampwd) );
 		DEBUG(5,(" = %s\n", user_name));
 		pdb_free_sam(sampwd);
-		return 0x0;
+		return NT_STATUS_OK;
 	}
 
 	DEBUG(5,(" none mapped\n"));
@@ -286,7 +286,7 @@ uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 /*******************************************************************
  Look up a local (domain) group name and return a rid
  ********************************************************************/
-uint32 local_lookup_group_rid(char *group_name, uint32 *rid)
+NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
 {
 	char *grp_name;
 	int i = -1; /* start do loop at -1 */
@@ -299,13 +299,13 @@ uint32 local_lookup_group_rid(char *group_name, uint32 *rid)
 
 	} while (grp_name != NULL && !strequal(grp_name, group_name));
 
-	return (grp_name != NULL) ? 0 : NT_STATUS_NONE_MAPPED;
+	return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
  Look up a local (BUILTIN) alias name and return a rid
  ********************************************************************/
-uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid)
+NTSTATUS local_lookup_alias_rid(char *alias_name, uint32 *rid)
 {
 	char *als_name;
 	int i = -1; /* start do loop at -1 */
@@ -318,13 +318,13 @@ uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid)
 
 	} while (als_name != NULL && !strequal(als_name, alias_name));
 
-	return (als_name != NULL) ? 0 : NT_STATUS_NONE_MAPPED;
+	return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
 }
 
 /*******************************************************************
  Look up a local user name and return a rid
  ********************************************************************/
-uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
+NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
 {
 	SAM_ACCOUNT *sampass=NULL;
 	BOOL ret;
@@ -341,7 +341,7 @@ uint32 local_lookup_user_rid(char *user_name, uint32 *rid)
 	if (ret == True) {
 		(*rid) = pdb_get_user_rid(sampass);
 		pdb_free_sam(sampass);
-		return 0x0;
+		return NT_STATUS_OK;
 	}
 
 	pdb_free_sam(sampass);
-- 
cgit 


From 81697d5ebe33ad95dedfc376118fcdf0367cf052 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 29 Sep 2001 13:08:26 +0000
Subject: Fix up a number of intertwined issues:

The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object.  This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.

This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.

Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored.  Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False.  Now that we check the returns
this bug was spotted.  This could allow different LM and NT passwords.

 - the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.

I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data.  I assume this is from a previous
lot of mass conversion work...

Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.

If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.

Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
---
 source3/rpc_server/srv_util.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 5393523a78..dc66887ee9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -274,12 +274,12 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	if (ret == True) {
 		fstrcpy(user_name, pdb_get_username(sampwd) );
 		DEBUG(5,(" = %s\n", user_name));
-		pdb_free_sam(sampwd);
+		pdb_free_sam(&sampwd);
 		return NT_STATUS_OK;
 	}
 
 	DEBUG(5,(" none mapped\n"));
-	pdb_free_sam(sampwd);
+	pdb_free_sam(&sampwd);
 	return NT_STATUS_NONE_MAPPED;
 }
 
@@ -340,10 +340,10 @@ NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
 
 	if (ret == True) {
 		(*rid) = pdb_get_user_rid(sampass);
-		pdb_free_sam(sampass);
+		pdb_free_sam(&sampass);
 		return NT_STATUS_OK;
 	}
 
-	pdb_free_sam(sampass);
+	pdb_free_sam(&sampass);
 	return NT_STATUS_NONE_MAPPED;
 }
-- 
cgit 


From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 2 Oct 2001 04:29:50 +0000
Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
 (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)

---
 source3/rpc_server/srv_util.c | 2 --
 1 file changed, 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index dc66887ee9..d441758db2 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -39,8 +39,6 @@
 
 #include "includes.h"
 
-extern int DEBUGLEVEL;
-
 /*
  * A list of the rids of well known BUILTIN and Domain users
  * and groups.
-- 
cgit 


From d9d7f023d8d11943ca0375e1573e6ec9921889bc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 29 Oct 2001 07:35:11 +0000
Subject: This commit is number 4 of 4.

In particular this commit focuses on:

Actually adding the 'const' to the passdb interface, and the flow-on changes.

Also kill off the 'disp_info' stuff, as its no longer used.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username

---

This finishes this line of commits off, your tree should now compile again :-)

Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index d441758db2..40831cbad7 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -154,7 +154,7 @@ int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
+void get_domain_user_groups(char *domain_groups, const char *user)
 {
 	pstring tmp;
 
-- 
cgit 


From 922eb763d7365716fd3c20aa069746fc9bfb8ab3 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Tue, 4 Dec 2001 21:53:47 +0000
Subject: added a boolean to the group mapping functions to specify if we need
 or not the privileges. Usually we don't need them, so the memory is free
 early.

lib/util_sid.c: added some helper functions to check an SID.

passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !

rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.

	J.F.
(This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
---
 source3/rpc_server/srv_util.c | 77 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 40831cbad7..70ee377e2c 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -150,6 +150,83 @@ int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
   return count;
 }
 
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+{
+	GROUP_MAP *map=NULL;
+	int i, num, num_entries, cur_gid=0;
+	struct group *grp;
+	DOM_GID *gids;
+	fstring user_name;
+	uint32 grid;
+	uint32 tmp_rid;
+
+	fstrcpy(user_name, pdb_get_username(sam_pass));
+	grid=pdb_get_group_rid(sam_pass);
+
+	DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+
+	/* first get the list of the domain groups */
+	if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+		return False;
+	DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries));
+
+
+	/* 
+	 * alloc memory. In the worse case, we alloc memory for nothing.
+	 * but I prefer to alloc for nothing
+	 * than reallocing everytime.
+	 */
+	gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) *  num_entries);	
+
+	/* for each group, check if the user is a member of*/
+	for(i=0; i<num_entries; i++) {
+		if ((grp=getgrgid(map[i].gid)) == NULL) {
+			/* very weird !!! */
+			DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+			continue;
+		}
+
+		for(num=0; grp->gr_mem[num]!=NULL; num++) {
+			if(strcmp(grp->gr_mem[num], user_name)==0) {
+				/* we found the user, add the group to the list */
+				sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
+				gids[cur_gid].attr=map[i].sid_name_use;
+				DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+				cur_gid++;
+				break;
+			}
+		}
+	}
+
+	/* we have checked the groups */
+	/* we must now check the gid of the user or the primary group rid, that's the same */
+	for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
+		;
+	
+	/* the user's gid is already there */
+	if (i!=cur_gid) {
+		goto done;
+	}
+
+	for(i=0; i<num_entries; i++) {
+		sid_peek_rid(&map[i].sid, &tmp_rid);
+		if (tmp_rid==grid) {
+			gids[cur_gid].g_rid=tmp_rid;
+			gids[cur_gid].attr=map[i].sid_name_use;
+			DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+			cur_gid++;
+			goto done; /* leave the loop early */
+		}
+	}
+
+ done:
+ 	*pgids=gids;
+	*numgroups=cur_gid;
+	safe_free(map);
+}
 
 /*******************************************************************
  gets a domain user's groups
-- 
cgit 


From 95a21460b788775ac81adb7acdf82c92aa5c5525 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 5 Dec 2001 11:32:25 +0000
Subject: fixed a return value (This used to be commit
 56bdb152d8617c0a36c0bc25c677a2d98bcb1328)

---
 source3/rpc_server/srv_util.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 70ee377e2c..497771dcab 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -226,6 +226,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
  	*pgids=gids;
 	*numgroups=cur_gid;
 	safe_free(map);
+	return True;
 }
 
 /*******************************************************************
-- 
cgit 


From 7b53a92f59984211e5ceb731163efa6e767e55a3 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Wed, 5 Dec 2001 15:41:44 +0000
Subject: added samr_queryuseralias(). instead of returning
 BUILTIN_ALIAS_RID_USERS, now return the alias correctly.

time to look at the netlogon case.

	J.F.
(This used to be commit 72ee1791084d09e73d8057e37ced4a79cecffb35)
---
 source3/rpc_server/srv_util.c | 180 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 497771dcab..80090cf6e0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -150,6 +150,183 @@ int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
   return count;
 }
 
+/*******************************************************************
+ gets a domain user's groups
+ ********************************************************************/
+NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+{
+	SAM_ACCOUNT *sam_pass=NULL;
+	char *sep;
+	struct sys_grent *glist;
+	struct sys_grent *grp;
+	int i, num, cur_rid=0;
+	gid_t *gid;
+	GROUP_MAP map;
+	DOM_SID tmp_sid;
+	fstring user_name;
+	fstring str_domsid, str_qsid;
+	uint32 rid,grid;
+	uint32 *rids=NULL, *new_rids=NULL;
+	BOOL ret;
+
+	/*
+	 * this code is far from perfect.
+	 * first it enumerates the full /etc/group and that can be slow.
+	 * second, it works only with users' SIDs
+	 * whereas the day we support nested groups, it will have to
+	 * support both users's SIDs and domain groups' SIDs
+	 *
+	 * having our own ldap backend would be so much faster !
+	 * we're far from that, but hope one day ;-) JFM.
+	 */
+
+	*prids=NULL;
+	*numgroups=0;
+
+	sep = lp_winbind_separator();
+
+
+	DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
+	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
+
+	sid_peek_rid(q_sid, &rid);
+
+	pdb_init_sam(&sam_pass);
+	become_root();
+	ret = pdb_getsampwrid(sam_pass, rid);
+	unbecome_root();
+	if (ret == False)
+		return NT_STATUS_NO_SUCH_USER;
+
+	fstrcpy(user_name, pdb_get_username(sam_pass));
+	grid=pdb_get_group_rid(sam_pass);
+	gid=pdb_get_gid(sam_pass);
+	
+	grp = glist = getgrent_list();
+	if (grp == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	
+	for (; grp != NULL; grp = grp->next) {
+		if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
+			DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+			continue;
+		}
+		
+		/* if it's not an alias, continue */
+		if (map.sid_name_use!=SID_NAME_ALIAS) {
+			DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+			continue;
+		}
+
+		sid_copy(&tmp_sid, &map.sid);
+		sid_split_rid(&tmp_sid, &rid);
+		
+		/* if the sid is not in the correct domain, continue */
+		if (!sid_equal(&tmp_sid, sid)) {
+			DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+			continue;
+		}
+
+		/* Don't return winbind groups as they are not local! */
+		if (strchr_m(map.nt_name, *sep) != NULL) {
+			DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+			continue;
+		}
+
+		/* Don't return user private groups... */
+		if (Get_Pwnam(map.nt_name) != 0) {
+			DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+			continue;			
+		}
+		
+		/* the group is fine, we can check if there is the user we're looking for */
+		DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+		
+		for(num=0; grp->gr_mem[num]!=NULL; num++) {
+			if(strcmp(grp->gr_mem[num], user_name)==0) {
+				/* we found the user, add the group to the list */
+				
+				new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+				if (new_rids==NULL) {
+					DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+					return NT_STATUS_NO_MEMORY;
+				}
+				rids=new_rids;
+				
+				sid_peek_rid(&map.sid, &(rids[cur_rid]));
+				DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name));
+				cur_rid++;
+				break;
+			}
+		}
+		
+	}
+	
+	grent_free(glist);
+	
+	/* now check for the user's gid (the primary group rid) */
+	for (i=0; i<cur_rid && grid!=rids[i]; i++)
+		;
+	
+	/* the user's gid is already there */
+	if (i!=cur_rid) {
+		DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n"));
+		goto done;
+	}
+	
+	DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+	
+	if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
+		DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		goto done;
+	}	
+	
+	/* the primary group isn't an alias */
+	if (map.sid_name_use!=SID_NAME_ALIAS) {
+		DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+		goto done;
+	}
+
+	sid_copy(&tmp_sid, &map.sid);
+	sid_split_rid(&tmp_sid, &rid);
+		
+	/* if the sid is not in the correct domain, continue */
+	if (!sid_equal(&tmp_sid, sid)) {
+		DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+		goto done;
+	}
+
+	/* Don't return winbind groups as they are not local! */
+	if (strchr_m(map.nt_name, *sep) != NULL) {
+		DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+		goto done;
+	}
+
+	/* Don't return user private groups... */
+	if (Get_Pwnam(map.nt_name) != 0) {
+		DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+		goto done;			
+	}
+
+	new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+	if (new_rids==NULL) {
+		DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+	rids=new_rids;
+
+ 	sid_peek_rid(&map.sid, &(rids[cur_rid]));
+	cur_rid++;
+
+done:
+ 	*prids=rids;
+	*numgroups=cur_rid;
+	
+	return NT_STATUS_OK;
+}
+
+
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
@@ -163,6 +340,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
 	uint32 grid;
 	uint32 tmp_rid;
 
+	*numgroups=0;
+
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
 
@@ -226,6 +405,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
  	*pgids=gids;
 	*numgroups=cur_gid;
 	safe_free(map);
+
 	return True;
 }
 
-- 
cgit 


From e0066d2dd4d9a657d1fbcb474e66a304a64e2a31 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Thu, 6 Dec 2001 13:09:15 +0000
Subject: again an intrusive patch:

- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.

- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !

- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.

I just have to write an HOWTO now ;-)

        J.F.
(This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
---
 source3/rpc_server/srv_util.c | 208 ++++++++++++------------------------------
 1 file changed, 59 insertions(+), 149 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 80090cf6e0..5c781c20ae 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -76,84 +76,10 @@ rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
-{
-  char *ptr;
-  pstring s2;
-  int count;
-  DOM_GID *gids;
-
-  *ppgids = NULL;
-
-  DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-  if (gids_str == NULL || *gids_str == 0)
-    return 0;
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)); 
-       count++)
-    ;
-
-  gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count );
-  if(!gids)
-  {
-    DEBUG(0,("make_dom_gids: talloc fail !\n"));
-    return 0;
-  }
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)) && 
-	       count < LSA_MAX_GROUPS; 
-       count++) 
-  {
-    /* the entries are of the form GID/ATTR, ATTR being optional.*/
-    char *attr;
-    uint32 rid = 0;
-    int i;
-
-    attr = strchr_m(s2,'/');
-    if (attr)
-      *attr++ = 0;
-
-    if (!attr || !*attr)
-      attr = "7"; /* default value for attribute is 7 */
-
-    /* look up the RID string and see if we can turn it into a rid number */
-    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
-    {
-      if (strequal(builtin_alias_rids[i].name, s2))
-      {
-        rid = builtin_alias_rids[i].rid;
-        break;
-      }
-    }
-
-    if (rid == 0)
-      rid = atoi(s2);
-
-    if (rid == 0)
-    {
-      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
-      count--;
-    }
-    else
-    {
-      gids[count].g_rid = rid;
-      gids[count].attr  = atoi(attr);
-
-      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
-    }
-  }
-
-  *ppgids = gids;
-  return count;
-}
-
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
 {
 	SAM_ACCOUNT *sam_pass=NULL;
 	char *sep;
@@ -186,7 +112,7 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 	sep = lp_winbind_separator();
 
 
-	DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
+	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
 	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
 
 	sid_peek_rid(q_sid, &rid);
@@ -195,27 +121,30 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 	become_root();
 	ret = pdb_getsampwrid(sam_pass, rid);
 	unbecome_root();
-	if (ret == False)
+	if (ret == False) {
+		pdb_free_sam(&sam_pass);
 		return NT_STATUS_NO_SUCH_USER;
+	}
 
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
 	gid=pdb_get_gid(sam_pass);
 	
 	grp = glist = getgrent_list();
-	if (grp == NULL)
+	if (grp == NULL) {
+		pdb_free_sam(&sam_pass);
 		return NT_STATUS_NO_MEMORY;
-
+	}
 	
 	for (; grp != NULL; grp = grp->next) {
 		if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
-			DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
 			continue;
 		}
 		
 		/* if it's not an alias, continue */
 		if (map.sid_name_use!=SID_NAME_ALIAS) {
-			DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
 			continue;
 		}
 
@@ -224,24 +153,24 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 		
 		/* if the sid is not in the correct domain, continue */
 		if (!sid_equal(&tmp_sid, sid)) {
-			DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+			DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
 			continue;
 		}
 
 		/* Don't return winbind groups as they are not local! */
 		if (strchr_m(map.nt_name, *sep) != NULL) {
-			DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
 			continue;
 		}
 
 		/* Don't return user private groups... */
 		if (Get_Pwnam(map.nt_name) != 0) {
-			DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+			DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
 			continue;			
 		}
 		
 		/* the group is fine, we can check if there is the user we're looking for */
-		DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+		DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
 		
 		for(num=0; grp->gr_mem[num]!=NULL; num++) {
 			if(strcmp(grp->gr_mem[num], user_name)==0) {
@@ -249,69 +178,70 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 				
 				new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
 				if (new_rids==NULL) {
-					DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+					DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+					pdb_free_sam(&sam_pass);
 					return NT_STATUS_NO_MEMORY;
 				}
 				rids=new_rids;
 				
 				sid_peek_rid(&map.sid, &(rids[cur_rid]));
-				DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name));
+				DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
 				cur_rid++;
 				break;
 			}
 		}
-		
 	}
-	
+
 	grent_free(glist);
-	
+
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
 		;
-	
+
 	/* the user's gid is already there */
 	if (i!=cur_rid) {
-		DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n"));
+		DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
 		goto done;
 	}
-	
-	DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
-	
+
+	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+
 	if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
-		DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
-	
+
 	/* the primary group isn't an alias */
 	if (map.sid_name_use!=SID_NAME_ALIAS) {
-		DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
 		goto done;
 	}
 
 	sid_copy(&tmp_sid, &map.sid);
 	sid_split_rid(&tmp_sid, &rid);
-		
+
 	/* if the sid is not in the correct domain, continue */
 	if (!sid_equal(&tmp_sid, sid)) {
-		DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+		DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
 		goto done;
 	}
 
 	/* Don't return winbind groups as they are not local! */
 	if (strchr_m(map.nt_name, *sep) != NULL) {
-		DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
 		goto done;
 	}
 
 	/* Don't return user private groups... */
 	if (Get_Pwnam(map.nt_name) != 0) {
-		DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+		DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
 		goto done;			
 	}
 
 	new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
 	if (new_rids==NULL) {
-		DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+		DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+		pdb_free_sam(&sam_pass);
 		return NT_STATUS_NO_MEMORY;
 	}
 	rids=new_rids;
@@ -322,7 +252,8 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 done:
  	*prids=rids;
 	*numgroups=cur_rid;
-	
+	pdb_free_sam(&sam_pass);
+
 	return NT_STATUS_OK;
 }
 
@@ -330,7 +261,7 @@ done:
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
 {
 	GROUP_MAP *map=NULL;
 	int i, num, num_entries, cur_gid=0;
@@ -345,13 +276,12 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
 
-	DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
 	/* first get the list of the domain groups */
 	if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
 		return False;
-	DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries));
-
+	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
 	/* 
 	 * alloc memory. In the worse case, we alloc memory for nothing.
@@ -364,7 +294,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
 	for(i=0; i<num_entries; i++) {
 		if ((grp=getgrgid(map[i].gid)) == NULL) {
 			/* very weird !!! */
-			DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+			DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
 			continue;
 		}
 
@@ -372,8 +302,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
 			if(strcmp(grp->gr_mem[num], user_name)==0) {
 				/* we found the user, add the group to the list */
 				sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
-				gids[cur_gid].attr=map[i].sid_name_use;
-				DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+				gids[cur_gid].attr=7;
+				DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
 				cur_gid++;
 				break;
 			}
@@ -387,62 +317,42 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
 	
 	/* the user's gid is already there */
 	if (i!=cur_gid) {
+		/* 
+		 * the primary group of the user but be the first one in the list
+		 * don't ask ! JFM.
+		 */
+		gids[i].g_rid=gids[0].g_rid;
+		gids[0].g_rid=grid;
 		goto done;
 	}
 
 	for(i=0; i<num_entries; i++) {
 		sid_peek_rid(&map[i].sid, &tmp_rid);
 		if (tmp_rid==grid) {
-			gids[cur_gid].g_rid=tmp_rid;
-			gids[cur_gid].attr=map[i].sid_name_use;
-			DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+			/* 
+			 * the primary group of the user but be the first one in the list
+			 * don't ask ! JFM.
+			 */
+			gids[cur_gid].g_rid=gids[0].g_rid;
+			gids[0].g_rid=tmp_rid;
+			gids[cur_gid].attr=7;
+			DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
 			cur_gid++;
 			goto done; /* leave the loop early */
 		}
 	}
 
+	DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+	DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
  done:
- 	*pgids=gids;
+	*pgids=gids;
 	*numgroups=cur_gid;
 	safe_free(map);
 
 	return True;
 }
 
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, const char *user)
-{
-	pstring tmp;
-
-	if (domain_groups == NULL || user == NULL) return;
-
-	/* can only be a user or a guest.  cannot be guest _and_ admin */
-	if (user_in_list(user, lp_domain_guest_group()))
-	{
-		slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-		pstrcat(domain_groups, tmp);
-
-		DEBUG(3,("domain guest group access %s granted\n", tmp));
-	}
-	else
-	{
-		slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-		pstrcat(domain_groups, tmp);
-
-		DEBUG(3,("domain group access %s granted\n", tmp));
-
-		if (user_in_list(user, lp_domain_admin_group()))
-		{
-			slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-			pstrcat(domain_groups, tmp);
-
-			DEBUG(3,("domain admin group access %s granted\n", tmp));
-		}
-	}
-}
-
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
-- 
cgit 


From eb4e10115310b6ed23b92abac2e79454c80930b1 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 31 Dec 2001 13:46:26 +0000
Subject: - portablitity fixes for cc -64 on irix - fixed gid* bug in
 rpc_server (This used to be commit 48aa90c48c5f0e3054c4acdc49668e222e7c0d36)

---
 source3/rpc_server/srv_util.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 5c781c20ae..14caf89e2f 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -86,7 +86,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	struct sys_grent *glist;
 	struct sys_grent *grp;
 	int i, num, cur_rid=0;
-	gid_t *gid;
+	gid_t gid;
 	GROUP_MAP map;
 	DOM_SID tmp_sid;
 	fstring user_name;
@@ -204,9 +204,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		goto done;
 	}
 
-	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
+	if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
 		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
-- 
cgit 


From 93a8358910d2b8788ffea33c04244ffd5ffecabf Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 20 Jan 2002 01:24:59 +0000
Subject: This patch makes the 'winbind use default domain' code interact
 better with smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
---
 source3/rpc_server/srv_util.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 14caf89e2f..1788512db7 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -82,7 +82,6 @@ rid_name domain_group_rids[] =
 NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
 {
 	SAM_ACCOUNT *sam_pass=NULL;
-	char *sep;
 	struct sys_grent *glist;
 	struct sys_grent *grp;
 	int i, num, cur_rid=0;
@@ -93,6 +92,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	fstring str_domsid, str_qsid;
 	uint32 rid,grid;
 	uint32 *rids=NULL, *new_rids=NULL;
+	gid_t winbind_gid_low, winbind_gid_high;
 	BOOL ret;
 
 	/*
@@ -109,7 +109,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	*prids=NULL;
 	*numgroups=0;
 
-	sep = lp_winbind_separator();
+	lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
 
 
 	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
@@ -158,7 +158,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		}
 
 		/* Don't return winbind groups as they are not local! */
-		if (strchr_m(map.nt_name, *sep) != NULL) {
+		if ((grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
 			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
 			continue;
 		}
@@ -227,7 +227,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	}
 
 	/* Don't return winbind groups as they are not local! */
-	if (strchr_m(map.nt_name, *sep) != NULL) {
+	if ((gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
 		goto done;
 	}
@@ -271,7 +271,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	uint32 grid;
 	uint32 tmp_rid;
 
-	*numgroups=0;
+	*numgroups= 0;
 
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
-- 
cgit 


From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Wed, 30 Jan 2002 06:08:46 +0000
Subject: Removed version number from file header.

Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
---
 source3/rpc_server/srv_util.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 1788512db7..53bbebb95e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -1,6 +1,5 @@
 /* 
- *  Unix SMB/Netbios implementation.
- *  Version 1.9.
+ *  Unix SMB/CIFS implementation.
  *  RPC Pipe client / server routines
  *  Copyright (C) Andrew Tridgell              1992-1998
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
-- 
cgit 


From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 15 Jul 2002 10:35:28 +0000
Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This
 used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)

---
 source3/rpc_server/srv_util.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 53bbebb95e..f896d1d9d8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -38,6 +38,9 @@
 
 #include "includes.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
 /*
  * A list of the rids of well known BUILTIN and Domain users
  * and groups.
@@ -93,6 +96,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	uint32 *rids=NULL, *new_rids=NULL;
 	gid_t winbind_gid_low, winbind_gid_high;
 	BOOL ret;
+	BOOL winbind_groups_exist;
 
 	/*
 	 * this code is far from perfect.
@@ -108,17 +112,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	*prids=NULL;
 	*numgroups=0;
 
-	lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+	winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
 
 
 	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
 	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
 
-	sid_peek_rid(q_sid, &rid);
-
 	pdb_init_sam(&sam_pass);
 	become_root();
-	ret = pdb_getsampwrid(sam_pass, rid);
+	ret = pdb_getsampwsid(sam_pass, q_sid);
 	unbecome_root();
 	if (ret == False) {
 		pdb_free_sam(&sam_pass);
@@ -157,7 +159,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		}
 
 		/* Don't return winbind groups as they are not local! */
-		if ((grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
+		if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
 			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
 			continue;
 		}
@@ -226,7 +228,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	}
 
 	/* Don't return winbind groups as they are not local! */
-	if ((gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
+	if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
 		goto done;
 	}
@@ -404,6 +406,8 @@ NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
 	return NT_STATUS_NONE_MAPPED;
 }
 
+
+#if 0 /*Nobody uses this function just now*/
 /*******************************************************************
  Look up a local user rid and return a name and type.
  ********************************************************************/
@@ -448,6 +452,8 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
 	return NT_STATUS_NONE_MAPPED;
 }
 
+#endif
+
 /*******************************************************************
  Look up a local (domain) group name and return a rid
  ********************************************************************/
-- 
cgit 


From 8c53b214da14e7fbfeee3ccf28bddedb55592ab8 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sat, 17 Aug 2002 15:34:15 +0000
Subject: Sync 3.0 branch with HEAD (This used to be commit
 e01596853e3eea533baa08c33f26ded75f33fdd4)

---
 source3/rpc_server/srv_util.c | 62 ++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 33 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f896d1d9d8..50bf5db4fd 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -84,10 +84,10 @@ rid_name domain_group_rids[] =
 NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
 {
 	SAM_ACCOUNT *sam_pass=NULL;
-	struct sys_grent *glist;
-	struct sys_grent *grp;
-	int i, num, cur_rid=0;
+	int i, cur_rid=0;
 	gid_t gid;
+	gid_t *groups = NULL;
+	int num_groups;
 	GROUP_MAP map;
 	DOM_SID tmp_sid;
 	fstring user_name;
@@ -130,16 +130,21 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
 	gid=pdb_get_gid(sam_pass);
-	
-	grp = glist = getgrent_list();
-	if (grp == NULL) {
+
+	become_root();
+	/* on some systems this must run as root */
+	num_groups = getgroups_user(user_name, &groups);	
+	unbecome_root();
+	if (num_groups == -1) {
+		/* this should never happen */
+		DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
 		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_MEMORY;
+		return NT_STATUS_UNSUCCESSFUL;
 	}
-	
-	for (; grp != NULL; grp = grp->next) {
-		if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
-			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+
+	for (i=0;i<num_groups;i++) {
+		if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
 			continue;
 		}
 		
@@ -159,7 +164,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		}
 
 		/* Don't return winbind groups as they are not local! */
-		if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low) && (grp->gr_gid <= winbind_gid_high)) {
+		if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
 			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
 			continue;
 		}
@@ -170,30 +175,21 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 			continue;			
 		}
 		
-		/* the group is fine, we can check if there is the user we're looking for */
-		DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
-		
-		for(num=0; grp->gr_mem[num]!=NULL; num++) {
-			if(strcmp(grp->gr_mem[num], user_name)==0) {
-				/* we found the user, add the group to the list */
-				
-				new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
-				if (new_rids==NULL) {
-					DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
-					pdb_free_sam(&sam_pass);
-					return NT_STATUS_NO_MEMORY;
-				}
-				rids=new_rids;
-				
-				sid_peek_rid(&map.sid, &(rids[cur_rid]));
-				DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
-				cur_rid++;
-				break;
-			}
+		new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
+		if (new_rids==NULL) {
+			DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+			pdb_free_sam(&sam_pass);
+			free(groups);
+			return NT_STATUS_NO_MEMORY;
 		}
+		rids=new_rids;
+		
+		sid_peek_rid(&map.sid, &(rids[cur_rid]));
+		cur_rid++;
+		break;
 	}
 
-	grent_free(glist);
+	free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
-- 
cgit 


From 6d7195d1d79c43f5ccc8dc4a9215c02177d5fa89 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 2 Nov 2002 03:47:48 +0000
Subject: Merge passdb from HEAD -> 3.0

The work here includes:
 - metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.

 - volker's group mapping in passdb patch

 - volker's samsync stuff
 - volkers SAMR changes.

 - mezte's connection caching patch

 - my recent changes (fix magic root check, ldap ssl)

Andrew Bartlett
(This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 50bf5db4fd..519daff1f6 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -276,7 +276,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
 	/* first get the list of the domain groups */
-	if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
 		return False;
 	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
-- 
cgit 


From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 3 Jan 2003 08:28:12 +0000
Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without
 additional warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
---
 source3/rpc_server/srv_util.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 519daff1f6..1b2ac34a6e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -455,7 +455,7 @@ NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
  ********************************************************************/
 NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
 {
-	char *grp_name;
+	const char *grp_name;
 	int i = -1; /* start do loop at -1 */
 
 	do /* find, if it exists, a group rid for the group name*/
@@ -472,9 +472,9 @@ NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
 /*******************************************************************
  Look up a local (BUILTIN) alias name and return a rid
  ********************************************************************/
-NTSTATUS local_lookup_alias_rid(char *alias_name, uint32 *rid)
+NTSTATUS local_lookup_alias_rid(const char *alias_name, uint32 *rid)
 {
-	char *als_name;
+	const char *als_name;
 	int i = -1; /* start do loop at -1 */
 
 	do /* find, if it exists, a alias rid for the alias name*/
-- 
cgit 


From 3bc3fabee2d411947dc936372495b5f3a1498031 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 4 Jan 2003 08:54:43 +0000
Subject: Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and
 return this as thier list of groups, rather than do a seperate lookup.  This
 NT_TOKEN is originally initgroups() (or equiv) based.

We currently send all sids in our domain, perhaps this should be further
restricted, but this works for now.

Andrew Bartlett
(This used to be commit f5850928a011211f03e5b9ece37682fd9243e2ba)
---
 source3/rpc_server/srv_util.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 1b2ac34a6e..f33a576db9 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -350,6 +350,35 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	return True;
 }
 
+/*******************************************************************
+ gets a domain user's groups from their already-calculated NT_USER_TOKEN
+ ********************************************************************/
+NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, 
+				const NT_USER_TOKEN *nt_token,
+				int *numgroups, DOM_GID **pgids) 
+{
+	DOM_GID *gids;
+	int i;
+
+	gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
+
+	if (!gids) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*numgroups=0;
+
+	for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
+		if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
+			sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
+			gids[*numgroups].attr=7;
+			(*numgroups)++;
+		}
+	}
+	*pgids = gids; 
+	return NT_STATUS_OK;
+}
+
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
-- 
cgit 


From 99cdb462083381c88689a4e698ca48b6ed4cf5ac Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 15 Jan 2003 18:57:41 +0000
Subject: *lots of small merges form HEAD *sync up configure.in *don't build
 torture tools in make all *make sure to remove torture tools as part of make
 clean (This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)

---
 source3/rpc_server/srv_util.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f33a576db9..4eba9c7d1f 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -342,6 +342,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
 	DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
 
+
  done:
 	*pgids=gids;
 	*numgroups=cur_gid;
-- 
cgit 


From c823b191ab476fc2583d6d6aaa1e2edb09cbb88e Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Mon, 12 May 2003 18:12:31 +0000
Subject: And finally IDMAP in 3_0

We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
---
 source3/rpc_server/srv_util.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 4eba9c7d1f..f96ccaef67 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -112,7 +112,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	*prids=NULL;
 	*numgroups=0;
 
-	winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high);
+	winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
 
 
 	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
@@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
-	gid=pdb_get_gid(sam_pass);
+	if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+		/* this should never happen */
+		DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
+		pdb_free_sam(&sam_pass);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
 	become_root();
 	/* on some systems this must run as root */
-- 
cgit 


From 75c14a4ee8cdf91c249d2ef608147dc55b70f0ff Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Fri, 16 May 2003 10:48:58 +0000
Subject: another bugfix from Alex Deiter <tiamat@komi.mts.ru> thanks (This
 used to be commit 29dc40639fad7652f7f99995be7552f5143ff052)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f96ccaef67..c43eb22375 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -194,7 +194,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		break;
 	}
 
-	free(groups);
+	if(num_groups) free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
-- 
cgit 


From 75a5c0b307a79536316b651273d3f6983323f5ce Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Wed, 18 Jun 2003 15:24:10 +0000
Subject: Ok, this patch removes the privilege stuff we had in, unused, for
 some time.

The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.

We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.

This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base

Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
---
 source3/rpc_server/srv_util.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index c43eb22375..a97864dbda 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -148,13 +148,14 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	}
 
 	for (i=0;i<num_groups;i++) {
-		if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+
+		if (!get_group_from_gid(groups[i], &map)) {
 			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
 			continue;
 		}
 		
 		/* if it's not an alias, continue */
-		if (map.sid_name_use!=SID_NAME_ALIAS) {
+		if (map.sid_name_use != SID_NAME_ALIAS) {
 			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
 			continue;
 		}
@@ -208,7 +209,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+	if(!get_group_from_gid(gid, &map)) {
 		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
@@ -281,7 +282,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
 	/* first get the list of the domain groups */
-	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
 		return False;
 	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
-- 
cgit 


From f5974dfaae680d98b78d600cd1f1aaece332a085 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Sun, 22 Jun 2003 10:09:52 +0000
Subject: Found out a good number of NT_STATUS_IS_ERR used the wrong way. As
 abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK

This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.

Simo.
(This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index a97864dbda..5040b094a8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -129,7 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	fstrcpy(user_name, pdb_get_username(sam_pass));
 	grid=pdb_get_group_rid(sam_pass);
-	if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+	if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
 		/* this should never happen */
 		DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
 		pdb_free_sam(&sam_pass);
-- 
cgit 


From d21358308a2a2c86b4e9d23922c7c940b5d1b012 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 23 Jun 2003 18:29:09 +0000
Subject: wrap group enuemration in brcome/unbecome_root() (bug #110) (This
 used to be commit 3918fffc7f07202f4c0b940f877184eea7561135)

---
 source3/rpc_server/srv_util.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 5040b094a8..03e53118a8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -147,6 +147,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
+	become_root();
+	
 	for (i=0;i<num_groups;i++) {
 
 		if (!get_group_from_gid(groups[i], &map)) {
@@ -195,6 +197,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		break;
 	}
 
+	unbecome_root();
+	
 	if(num_groups) free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
@@ -209,11 +213,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
+	become_root();
+
 	if(!get_group_from_gid(gid, &map)) {
 		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
 
+	unbecome_root();
+
 	/* the primary group isn't an alias */
 	if (map.sid_name_use!=SID_NAME_ALIAS) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
@@ -281,11 +289,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 
 	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
+	/* we must wrap this is become/unbecome root for ldap backends */
+	become_root();
+
 	/* first get the list of the domain groups */
 	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
 		return False;
 	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
+	unbecome_root();
+	/* end wrapper for group enumeration */
+
 	/* 
 	 * alloc memory. In the worse case, we alloc memory for nothing.
 	 * but I prefer to alloc for nothing
-- 
cgit 


From 49e66508f271c5d548a045a1297652ed5b03494c Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Tue, 19 Aug 2003 04:17:21 +0000
Subject: Fix BUG #314:  api_netUserGetGRoups() was failing prematurely   (also
 fixed the call to return the real groups and not a mocked   up list)

Fixed simple compiler warning in srv_lsa_ds.c
(This used to be commit 6b0e38e01a44d87b844d973318accc456abef857)
---
 source3/rpc_server/srv_util.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 03e53118a8..632d381503 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -307,8 +307,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	 */
 	gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) *  num_entries);	
 
-	/* for each group, check if the user is a member of*/
+	/* for each group, check if the user is a member of.  Only include groups 
+	   from this domain */
+	
 	for(i=0; i<num_entries; i++) {
+	
+		if ( !sid_check_is_in_our_domain(&map[i].sid) ) {
+			DEBUG(10,("get_domain_user_groups: skipping check of %s since it is not in our domain\n",
+				map[i].nt_name));
+			continue;
+		}
+			
 		if ((grp=getgrgid(map[i].gid)) == NULL) {
 			/* very weird !!! */
 			DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
-- 
cgit 


From c39f5fea4ad7b57ee8ad4d2b115163f76753f853 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 24 Nov 2003 17:31:38 +0000
Subject: more access fixes for group enumeration in LDAP; bug 281 (This used
 to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)

---
 source3/rpc_server/srv_util.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 632d381503..d5b87b7c10 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -281,6 +281,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	fstring user_name;
 	uint32 grid;
 	uint32 tmp_rid;
+	BOOL ret;
 
 	*numgroups= 0;
 
@@ -290,15 +291,21 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
 	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
 	/* we must wrap this is become/unbecome root for ldap backends */
+	
 	become_root();
-
 	/* first get the list of the domain groups */
-	if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
+	ret = pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED);
+	
+	unbecome_root();
+
+	/* end wrapper for group enumeration */
+
+	
+	if ( !ret )
 		return False;
+		
 	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
-	unbecome_root();
-	/* end wrapper for group enumeration */
 
 	/* 
 	 * alloc memory. In the worse case, we alloc memory for nothing.
-- 
cgit 


From 3d929b1ce67d945979552fe1ea2c70f6d3925326 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 4 Dec 2003 03:35:46 +0000
Subject: * fix RemoveSidForeignDomain() ; bug 252 * don't fall back to
 unmapped UNIX group for   get_local_group_from_sid() * remove an extra
 become/unbecome_root() pair   from group enumeration (This used to be commit
 da12bbdb0dd9179b1ed457fa009679e2da4a8440)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index d5b87b7c10..c2395e6fae 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -382,7 +382,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
  done:
 	*pgids=gids;
 	*numgroups=cur_gid;
-	safe_free(map);
+	SAFE_FREE(map);
 
 	return True;
 }
-- 
cgit 


From 87fddf6a988dfcdb3f1d3a715df585b6c6efa9d7 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 10 Dec 2003 16:40:17 +0000
Subject: more group lookup access fixes on the neverending bug 281 (This used
 to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)

---
 source3/rpc_server/srv_util.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index c2395e6fae..504e6a83c0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -147,8 +147,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	become_root();
-	
 	for (i=0;i<num_groups;i++) {
 
 		if (!get_group_from_gid(groups[i], &map)) {
@@ -197,9 +195,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		break;
 	}
 
-	unbecome_root();
-	
-	if(num_groups) free(groups);
+	if(num_groups) 
+		free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -213,15 +210,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	become_root();
-
 	if(!get_group_from_gid(gid, &map)) {
-		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your "
+		"/etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
 
-	unbecome_root();
-
 	/* the primary group isn't an alias */
 	if (map.sid_name_use!=SID_NAME_ALIAS) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-- 
cgit 


From 2197bd26ac1809ca0cee42036c594a97dabe681e Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 1 Apr 2004 15:15:13 +0000
Subject: BUG 1023: surround get_group_from_gid() with become_unbecome_root()
 block (This used to be commit 1aeeb432c75eeb67e9e1323932b37d34da416d37)

---
 source3/rpc_server/srv_util.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 504e6a83c0..5bb8db4e06 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -149,7 +149,11 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	for (i=0;i<num_groups;i++) {
 
-		if (!get_group_from_gid(groups[i], &map)) {
+		become_root();
+		ret = get_group_from_gid(groups[i], &map);
+		unbecome_root();
+		
+		if ( !ret ) {
 			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
 			continue;
 		}
-- 
cgit 


From 3d502114809854a49fab0ff6c14cb6a51a07ab85 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 8 Oct 2004 13:00:47 +0000
Subject: r2865: Add static and remove unused functions that only cload the
 blame-game in finding out who is causing the massive performance problems
 with large LDAP directories.

Andrew Bartlett
(This used to be commit f16ed2616a67c412bc9b78354a5faf673e64cf42)
---
 source3/rpc_server/srv_util.c | 170 +-----------------------------------------
 1 file changed, 3 insertions(+), 167 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 5bb8db4e06..d70054af8c 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -46,7 +46,7 @@
  * and groups.
  */
 
-rid_name builtin_alias_rids[] =
+static const rid_name builtin_alias_rids[] =
 {  
     { BUILTIN_ALIAS_RID_ADMINS       , "Administrators" },
     { BUILTIN_ALIAS_RID_USERS        , "Users" },
@@ -62,7 +62,7 @@ rid_name builtin_alias_rids[] =
 };
 
 /* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
+static const rid_name domain_user_rids[] =
 {  
     { DOMAIN_USER_RID_ADMIN         , "Administrator" },
     { DOMAIN_USER_RID_GUEST         , "Guest" },
@@ -70,7 +70,7 @@ rid_name domain_user_rids[] =
 };
 
 /* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
+static const rid_name domain_group_rids[] =
 {  
     { DOMAIN_GROUP_RID_ADMINS       , "Domain Admins" },
     { DOMAIN_GROUP_RID_USERS        , "Domain Users" },
@@ -414,167 +414,3 @@ NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 	return NT_STATUS_OK;
 }
 
-/*******************************************************************
- Look up a local (domain) rid and return a name and type.
- ********************************************************************/
-NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)
-{
-	int i = 0; 
-	(*type) = SID_NAME_DOM_GRP;
-
-	DEBUG(5,("lookup_group_name: rid: %d", rid));
-
-	while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (domain_group_rids[i].rid != 0)
-	{
-		fstrcpy(group_name, domain_group_rids[i].name);
-		DEBUG(5,(" = %s\n", group_name));
-		return NT_STATUS_OK;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	return NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- Look up a local alias rid and return a name and type.
- ********************************************************************/
-NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
-{
-	int i = 0; 
-	(*type) = SID_NAME_WKN_GRP;
-
-	DEBUG(5,("lookup_alias_name: rid: %d", rid));
-
-	while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (builtin_alias_rids[i].rid != 0)
-	{
-		fstrcpy(alias_name, builtin_alias_rids[i].name);
-		DEBUG(5,(" = %s\n", alias_name));
-		return NT_STATUS_OK;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	return NT_STATUS_NONE_MAPPED;
-}
-
-
-#if 0 /*Nobody uses this function just now*/
-/*******************************************************************
- Look up a local user rid and return a name and type.
- ********************************************************************/
-NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type)
-{
-	SAM_ACCOUNT *sampwd=NULL;
-	int i = 0;
-	BOOL ret;
-	
-	(*type) = SID_NAME_USER;
-
-	DEBUG(5,("lookup_user_name: rid: %d", rid));
-
-	/* look up the well-known domain user rids first */
-	while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
-	{
-		i++;
-	}
-
-	if (domain_user_rids[i].rid != 0) {
-		fstrcpy(user_name, domain_user_rids[i].name);
-		DEBUG(5,(" = %s\n", user_name));
-		return NT_STATUS_OK;
-	}
-
-	pdb_init_sam(&sampwd);
-
-	/* ok, it's a user.  find the user account */
-	become_root();
-	ret = pdb_getsampwrid(sampwd, rid);
-	unbecome_root();
-
-	if (ret == True) {
-		fstrcpy(user_name, pdb_get_username(sampwd) );
-		DEBUG(5,(" = %s\n", user_name));
-		pdb_free_sam(&sampwd);
-		return NT_STATUS_OK;
-	}
-
-	DEBUG(5,(" none mapped\n"));
-	pdb_free_sam(&sampwd);
-	return NT_STATUS_NONE_MAPPED;
-}
-
-#endif
-
-/*******************************************************************
- Look up a local (domain) group name and return a rid
- ********************************************************************/
-NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid)
-{
-	const char *grp_name;
-	int i = -1; /* start do loop at -1 */
-
-	do /* find, if it exists, a group rid for the group name*/
-	{
-		i++;
-		(*rid) = domain_group_rids[i].rid;
-		grp_name = domain_group_rids[i].name;
-
-	} while (grp_name != NULL && !strequal(grp_name, group_name));
-
-	return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- Look up a local (BUILTIN) alias name and return a rid
- ********************************************************************/
-NTSTATUS local_lookup_alias_rid(const char *alias_name, uint32 *rid)
-{
-	const char *als_name;
-	int i = -1; /* start do loop at -1 */
-
-	do /* find, if it exists, a alias rid for the alias name*/
-	{
-		i++;
-		(*rid) = builtin_alias_rids[i].rid;
-		als_name = builtin_alias_rids[i].name;
-
-	} while (als_name != NULL && !strequal(als_name, alias_name));
-
-	return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- Look up a local user name and return a rid
- ********************************************************************/
-NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid)
-{
-	SAM_ACCOUNT *sampass=NULL;
-	BOOL ret;
-
-	(*rid) = 0;
-
-	pdb_init_sam(&sampass);
-
-	/* find the user account */
-	become_root();
-	ret = pdb_getsampwnam(sampass, user_name);
-	unbecome_root();
-
-	if (ret == True) {
-		(*rid) = pdb_get_user_rid(sampass);
-		pdb_free_sam(&sampass);
-		return NT_STATUS_OK;
-	}
-
-	pdb_free_sam(&sampass);
-	return NT_STATUS_NONE_MAPPED;
-}
-- 
cgit 


From 4792a8de3057dc9a6e6be43f618407ddb036484e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 9 Oct 2004 01:44:05 +0000
Subject: r2868: Well, I'm not quite sure what I'm doing back in Samba 3.0, but
 anyway...

I've been grumbling about under-efficient calls in SAMR, and finally
got around to fixing some of them.

We now call sys_getgroups() (which in turn calls initgroups(), until
glibc 3.4 is released) to figure out a user's group membership.  This
is far, far more efficient than scanning all the groups looking for a
match, and is still the 'posix way', just using an effiecient call.

The seperate issue of 'who is in this group' remains, but this one has
been biting some people.

I need to talk to VL about how best to exersise nasty corner cases,
but my initial tests hold strong.  (The code is also much simpiler
than before, which has to count for something :-)

Andrew Bartlett
(This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
---
 source3/rpc_server/srv_util.c | 153 +++++++++++-------------------------------
 1 file changed, 41 insertions(+), 112 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index d70054af8c..ce8e02fae7 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -3,7 +3,8 @@
  *  RPC Pipe client / server routines
  *  Copyright (C) Andrew Tridgell              1992-1998
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
- *  Copyright (C) Paul Ashton                  1997-1998.
+ *  Copyright (C) Paul Ashton                  1997-1998,
+ *  Copyright (C) Andrew Bartlett                   2004.
  *  
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -98,17 +99,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 	BOOL ret;
 	BOOL winbind_groups_exist;
 
-	/*
-	 * this code is far from perfect.
-	 * first it enumerates the full /etc/group and that can be slow.
-	 * second, it works only with users' SIDs
-	 * whereas the day we support nested groups, it will have to
-	 * support both users's SIDs and domain groups' SIDs
-	 *
-	 * having our own ldap backend would be so much faster !
-	 * we're far from that, but hope one day ;-) JFM.
-	 */
-
 	*prids=NULL;
 	*numgroups=0;
 
@@ -136,11 +126,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	become_root();
-	/* on some systems this must run as root */
-	num_groups = getgroups_user(user_name, &groups);	
-	unbecome_root();
-	if (num_groups == -1) {
+	ret = getgroups_user(user_name, &groups, &num_groups);	
+	if (!ret) {
 		/* this should never happen */
 		DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
 		pdb_free_sam(&sam_pass);
@@ -272,115 +259,57 @@ done:
  ********************************************************************/
 BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
 {
-	GROUP_MAP *map=NULL;
-	int i, num, num_entries, cur_gid=0;
-	struct group *grp;
-	DOM_GID *gids;
-	fstring user_name;
-	uint32 grid;
-	uint32 tmp_rid;
-	BOOL ret;
-
-	*numgroups= 0;
-
-	fstrcpy(user_name, pdb_get_username(sam_pass));
-	grid=pdb_get_group_rid(sam_pass);
 
-	DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+	const char *username = pdb_get_username(sam_pass);
+	int		n_unix_groups;
+	int		i,j;
+	gid_t *unix_groups;
 
-	/* we must wrap this is become/unbecome root for ldap backends */
+	*numgroups = 0;
+	*pgids   = NULL;
 	
-	become_root();
-	/* first get the list of the domain groups */
-	ret = pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED);
-	
-	unbecome_root();
-
-	/* end wrapper for group enumeration */
-
-	
-	if ( !ret )
+	if (!getgroups_user(username, &unix_groups, &n_unix_groups)) {
 		return False;
-		
-	DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
-
-
-	/* 
-	 * alloc memory. In the worse case, we alloc memory for nothing.
-	 * but I prefer to alloc for nothing
-	 * than reallocing everytime.
-	 */
-	gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) *  num_entries);	
+	}
 
-	/* for each group, check if the user is a member of.  Only include groups 
-	   from this domain */
+	/* now setup the space for storing the SIDS */
 	
-	for(i=0; i<num_entries; i++) {
+	if (n_unix_groups > 0) {
 	
-		if ( !sid_check_is_in_our_domain(&map[i].sid) ) {
-			DEBUG(10,("get_domain_user_groups: skipping check of %s since it is not in our domain\n",
-				map[i].nt_name));
-			continue;
-		}
-			
-		if ((grp=getgrgid(map[i].gid)) == NULL) {
-			/* very weird !!! */
-			DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
-			continue;
-		}
-
-		for(num=0; grp->gr_mem[num]!=NULL; num++) {
-			if(strcmp(grp->gr_mem[num], user_name)==0) {
-				/* we found the user, add the group to the list */
-				sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
-				gids[cur_gid].attr=7;
-				DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
-				cur_gid++;
-				break;
-			}
+		*pgids   = talloc(ctx, sizeof(DOM_GID) * n_unix_groups);
+		
+		if (!*pgids) {
+			DEBUG(0, ("get_user_group: malloc() failed for DOM_GID list!\n"));
+			SAFE_FREE(unix_groups);
+			return False;
 		}
 	}
 
-	/* we have checked the groups */
-	/* we must now check the gid of the user or the primary group rid, that's the same */
-	for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++)
-		;
-	
-	/* the user's gid is already there */
-	if (i!=cur_gid) {
-		/* 
-		 * the primary group of the user but be the first one in the list
-		 * don't ask ! JFM.
-		 */
-		gids[i].g_rid=gids[0].g_rid;
-		gids[0].g_rid=grid;
-		goto done;
-	}
-
-	for(i=0; i<num_entries; i++) {
-		sid_peek_rid(&map[i].sid, &tmp_rid);
-		if (tmp_rid==grid) {
-			/* 
-			 * the primary group of the user but be the first one in the list
-			 * don't ask ! JFM.
-			 */
-			gids[cur_gid].g_rid=gids[0].g_rid;
-			gids[0].g_rid=tmp_rid;
-			gids[cur_gid].attr=7;
-			DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
-			cur_gid++;
-			goto done; /* leave the loop early */
+	become_root();
+	j = 0;
+	for (i = 0; i < n_unix_groups; i++) {
+		GROUP_MAP map;
+		uint32 rid;
+		
+		if (!pdb_getgrgid(&map, unix_groups[i])) {
+			DEBUG(3, ("get_user_groups: failed to convert gid %ld to a domain group!\n", 
+				(long int)unix_groups[i+1]));
+			if (i == 0) {
+				DEBUG(1,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", username));
+				DEBUGADD(1,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+			}
+		} else if ((map.sid_name_use == SID_NAME_DOM_GRP)
+			   && sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) {
+			(*pgids)[j].attr=7;
+			(*pgids)[j].g_rid=rid;
+			j++;
 		}
 	}
+	unbecome_root();
 
-	DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
-	DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
-
+	*numgroups = j;
 
- done:
-	*pgids=gids;
-	*numgroups=cur_gid;
-	SAFE_FREE(map);
+	SAFE_FREE(unix_groups);
 
 	return True;
 }
-- 
cgit 


From 154d5f913b4ce60f731227eb1bb3650c45fcde93 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Fri, 5 Nov 2004 23:34:00 +0000
Subject: r3566: Completely replace the queryuseraliases call. The previous
 implementation does not exactly match what you would expect.

XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.

Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
---
 source3/rpc_server/srv_util.c | 175 ------------------------------------------
 1 file changed, 175 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index ce8e02fae7..215471b444 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,181 +79,6 @@ static const rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
-{
-	SAM_ACCOUNT *sam_pass=NULL;
-	int i, cur_rid=0;
-	gid_t gid;
-	gid_t *groups = NULL;
-	int num_groups;
-	GROUP_MAP map;
-	DOM_SID tmp_sid;
-	fstring user_name;
-	fstring str_domsid, str_qsid;
-	uint32 rid,grid;
-	uint32 *rids=NULL, *new_rids=NULL;
-	gid_t winbind_gid_low, winbind_gid_high;
-	BOOL ret;
-	BOOL winbind_groups_exist;
-
-	*prids=NULL;
-	*numgroups=0;
-
-	winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
-
-
-	DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
-	          sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
-
-	pdb_init_sam(&sam_pass);
-	become_root();
-	ret = pdb_getsampwsid(sam_pass, q_sid);
-	unbecome_root();
-	if (ret == False) {
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_SUCH_USER;
-	}
-
-	fstrcpy(user_name, pdb_get_username(sam_pass));
-	grid=pdb_get_group_rid(sam_pass);
-	if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
-		/* this should never happen */
-		DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	ret = getgroups_user(user_name, &groups, &num_groups);	
-	if (!ret) {
-		/* this should never happen */
-		DEBUG(2,("get_alias_user_groups: getgroups_user failed\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	for (i=0;i<num_groups;i++) {
-
-		become_root();
-		ret = get_group_from_gid(groups[i], &map);
-		unbecome_root();
-		
-		if ( !ret ) {
-			DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
-			continue;
-		}
-		
-		/* if it's not an alias, continue */
-		if (map.sid_name_use != SID_NAME_ALIAS) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-			continue;
-		}
-
-		sid_copy(&tmp_sid, &map.sid);
-		sid_split_rid(&tmp_sid, &rid);
-		
-		/* if the sid is not in the correct domain, continue */
-		if (!sid_equal(&tmp_sid, sid)) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
-			continue;
-		}
-
-		/* Don't return winbind groups as they are not local! */
-		if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
-			continue;
-		}
-
-		/* Don't return user private groups... */
-		if (Get_Pwnam(map.nt_name) != 0) {
-			DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
-			continue;			
-		}
-		
-		new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
-		if (new_rids==NULL) {
-			DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
-			pdb_free_sam(&sam_pass);
-			free(groups);
-			return NT_STATUS_NO_MEMORY;
-		}
-		rids=new_rids;
-		
-		sid_peek_rid(&map.sid, &(rids[cur_rid]));
-		cur_rid++;
-		break;
-	}
-
-	if(num_groups) 
-		free(groups);
-
-	/* now check for the user's gid (the primary group rid) */
-	for (i=0; i<cur_rid && grid!=rids[i]; i++)
-		;
-
-	/* the user's gid is already there */
-	if (i!=cur_rid) {
-		DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
-		goto done;
-	}
-
-	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
-
-	if(!get_group_from_gid(gid, &map)) {
-		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your "
-		"/etc/passwd and /etc/group files\n", user_name));
-		goto done;
-	}	
-
-	/* the primary group isn't an alias */
-	if (map.sid_name_use!=SID_NAME_ALIAS) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
-		goto done;
-	}
-
-	sid_copy(&tmp_sid, &map.sid);
-	sid_split_rid(&tmp_sid, &rid);
-
-	/* if the sid is not in the correct domain, continue */
-	if (!sid_equal(&tmp_sid, sid)) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
-		goto done;
-	}
-
-	/* Don't return winbind groups as they are not local! */
-	if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
-		goto done;
-	}
-
-	/* Don't return user private groups... */
-	if (Get_Pwnam(map.nt_name) != 0) {
-		DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
-		goto done;			
-	}
-
-	new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
-	if (new_rids==NULL) {
-		DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
-		pdb_free_sam(&sam_pass);
-		return NT_STATUS_NO_MEMORY;
-	}
-	rids=new_rids;
-
- 	sid_peek_rid(&map.sid, &(rids[cur_rid]));
-	cur_rid++;
-
-done:
- 	*prids=rids;
-	*numgroups=cur_rid;
-	pdb_free_sam(&sam_pass);
-
-	return NT_STATUS_OK;
-}
-
-
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-- 
cgit 


From f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Fri, 12 Nov 2004 15:49:47 +0000
Subject: r3705: Nobody has commented, so I'll take this as an ack...

abartlet, I'd like to ask you to take a severe look at this!

We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.

The parameter to activate this ldapsam behaviour is

ldapsam:trusted = yes

Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
---
 source3/rpc_server/srv_util.c | 59 -------------------------------------------
 1 file changed, 59 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 215471b444..2689d89972 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,65 +79,6 @@ static const rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
-{
-
-	const char *username = pdb_get_username(sam_pass);
-	int		n_unix_groups;
-	int		i,j;
-	gid_t *unix_groups;
-
-	*numgroups = 0;
-	*pgids   = NULL;
-	
-	if (!getgroups_user(username, &unix_groups, &n_unix_groups)) {
-		return False;
-	}
-
-	/* now setup the space for storing the SIDS */
-	
-	if (n_unix_groups > 0) {
-	
-		*pgids   = talloc(ctx, sizeof(DOM_GID) * n_unix_groups);
-		
-		if (!*pgids) {
-			DEBUG(0, ("get_user_group: malloc() failed for DOM_GID list!\n"));
-			SAFE_FREE(unix_groups);
-			return False;
-		}
-	}
-
-	become_root();
-	j = 0;
-	for (i = 0; i < n_unix_groups; i++) {
-		GROUP_MAP map;
-		uint32 rid;
-		
-		if (!pdb_getgrgid(&map, unix_groups[i])) {
-			DEBUG(3, ("get_user_groups: failed to convert gid %ld to a domain group!\n", 
-				(long int)unix_groups[i+1]));
-			if (i == 0) {
-				DEBUG(1,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", username));
-				DEBUGADD(1,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
-			}
-		} else if ((map.sid_name_use == SID_NAME_DOM_GRP)
-			   && sid_peek_check_rid(get_global_sam_sid(), &map.sid, &rid)) {
-			(*pgids)[j].attr=7;
-			(*pgids)[j].g_rid=rid;
-			j++;
-		}
-	}
-	unbecome_root();
-
-	*numgroups = j;
-
-	SAFE_FREE(unix_groups);
-
-	return True;
-}
 
 /*******************************************************************
  gets a domain user's groups from their already-calculated NT_USER_TOKEN
-- 
cgit 


From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 7 Dec 2004 18:25:53 +0000
Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of
 all our allocation functions so we can funnel through some well known
 functions. Should help greatly with malloc checking. HEAD patch to follow.
 Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 2689d89972..802e7673a4 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -90,7 +90,7 @@ NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 	DOM_GID *gids;
 	int i;
 
-	gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
+	gids = TALLOC_ARRAY(mem_ctx, DOM_GID, nt_token->num_sids);
 
 	if (!gids) {
 		return NT_STATUS_NO_MEMORY;
-- 
cgit 


From 40295c41dbba119f6b4e32647fb70f51ebf390a0 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Tue, 22 Mar 2005 14:48:18 +0000
Subject: r5948: more compile cleanups from Jason Mader (This used to be commit
 cc6c769c3c26164919dd13777d671abe02c084d9)

---
 source3/rpc_server/srv_util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 802e7673a4..79d5d06d23 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -42,6 +42,7 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
+#if 0	/* these aren't used currently but are here if you need them */
 /*
  * A list of the rids of well known BUILTIN and Domain users
  * and groups.
@@ -78,7 +79,7 @@ static const rid_name domain_group_rids[] =
     { DOMAIN_GROUP_RID_GUESTS       , "Domain Guests" },
     { 0                             , NULL }
 };
-
+#endif
 
 /*******************************************************************
  gets a domain user's groups from their already-calculated NT_USER_TOKEN
-- 
cgit 


From 4826f9d41322649111be7495ede60a8939ad2995 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 22 Nov 2005 14:41:40 +0000
Subject: r11859: Another place where the SE_GROUP constants read better then
 "7".

Guenther
(This used to be commit 4c4b2096459ffa6ca0130f1259499933e3182d47)
---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 79d5d06d23..3666d47478 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -102,7 +102,7 @@ NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 	for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
 		if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
 			sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
-			gids[*numgroups].attr=7;
+			gids[*numgroups].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED);
 			(*numgroups)++;
 		}
 	}
-- 
cgit 


From 4ce649984982fc5b9c83c7685182951352bca12d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Sat, 26 Nov 2005 19:17:57 +0000
Subject: r11917: Move nt_token_to_group_list to srv_netlog_nt.c. srv_util.c is
 empty now.

Volker
(This used to be commit ae4ffc1cfb745a756d047c35f947f80acf4b0e55)
---
 source3/rpc_server/srv_util.c | 29 -----------------------------
 1 file changed, 29 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 3666d47478..924e08cc23 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -81,32 +81,3 @@ static const rid_name domain_group_rids[] =
 };
 #endif
 
-/*******************************************************************
- gets a domain user's groups from their already-calculated NT_USER_TOKEN
- ********************************************************************/
-NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, 
-				const NT_USER_TOKEN *nt_token,
-				int *numgroups, DOM_GID **pgids) 
-{
-	DOM_GID *gids;
-	int i;
-
-	gids = TALLOC_ARRAY(mem_ctx, DOM_GID, nt_token->num_sids);
-
-	if (!gids) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	*numgroups=0;
-
-	for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) {
-		if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) {
-			sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid));
-			gids[*numgroups].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED);
-			(*numgroups)++;
-		}
-	}
-	*pgids = gids; 
-	return NT_STATUS_OK;
-}
-
-- 
cgit 


From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 9 Jul 2007 19:25:36 +0000
Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to
 be commit 407e6e695b8366369b7c76af1ff76869b45347b3)

---
 source3/rpc_server/srv_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 924e08cc23..a209bb1da4 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -8,7 +8,7 @@
  *  
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
+ *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
  *  
  *  This program is distributed in the hope that it will be useful,
-- 
cgit 


From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 10 Jul 2007 05:23:25 +0000
Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave
 address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)

---
 source3/rpc_server/srv_util.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index a209bb1da4..d4804b98ad 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -17,8 +17,7 @@
  *  GNU General Public License for more details.
  *  
  *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 /*  this module apparently provides an implementation of DCE/RPC over a
-- 
cgit