From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/rpc_server/srv_dfs.c | 587 +++++++++++++++++++++++++++++++----- source3/rpc_server/srv_dfs_nt.c | 406 ++++++++++++++++--------- source3/rpc_server/srv_lsa_nt.c | 256 ++++++++-------- source3/rpc_server/srv_netlog_nt.c | 96 +++--- source3/rpc_server/srv_pipe.c | 5 +- source3/rpc_server/srv_pipe_hnd.c | 5 +- source3/rpc_server/srv_samr_nt.c | 279 +++++++++-------- source3/rpc_server/srv_spoolss_nt.c | 20 +- source3/rpc_server/srv_srvsvc_nt.c | 208 +------------ 9 files changed, 1129 insertions(+), 733 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_dfs.c b/source3/rpc_server/srv_dfs.c index 42be7c5a35..44a9c06a3c 100644 --- a/source3/rpc_server/srv_dfs.c +++ b/source3/rpc_server/srv_dfs.c @@ -1,177 +1,602 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines for Dfs - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Shirish Kalele 2000, - * Copyright (C) Jeremy Allison 2001, - * Copyright (C) Jim McDonough 2003. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +/* + * Unix SMB/CIFS implementation. + * server auto-generated by pidl. DO NOT MODIFY! */ -/* This is the interface to the dfs pipe. */ - #include "includes.h" #include "nterr.h" #undef DBGC_CLASS -#define DBGC_CLASS DBGC_MSDFS +#define DBGC_CLASS DBGC_RPC -/********************************************************************** - api_dfs_exist - **********************************************************************/ +/****************************************************************** + api_dfs_GetManagerVersion + *****************************************************************/ -static BOOL api_dfs_exist(pipes_struct *p) +static BOOL api_dfs_GetManagerVersion(pipes_struct *p) { - DFS_Q_DFS_EXIST q_u; - DFS_R_DFS_EXIST r_u; + NETDFS_Q_DFS_GETMANAGERVERSION q_u; + NETDFS_R_DFS_GETMANAGERVERSION r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_GetManagerVersion("", &q_u, data, 0)) + return False; + + _dfs_GetManagerVersion(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_GetManagerVersion("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_Add + *****************************************************************/ - if(!dfs_io_q_dfs_exist("", &q_u, data, 0)) +static BOOL api_dfs_Add(pipes_struct *p) +{ + NETDFS_Q_DFS_ADD q_u; + NETDFS_R_DFS_ADD r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_Add("", &q_u, data, 0)) return False; - r_u.status = _dfs_exist(p, &q_u, &r_u); + r_u.status = _dfs_Add(p, &q_u, &r_u); - if (!dfs_io_r_dfs_exist("", &r_u, rdata, 0)) + if (!netdfs_io_r_dfs_Add("", &r_u, rdata, 0)) return False; + + return True; +} +/****************************************************************** + api_dfs_Remove + *****************************************************************/ +static BOOL api_dfs_Remove(pipes_struct *p) +{ + NETDFS_Q_DFS_REMOVE q_u; + NETDFS_R_DFS_REMOVE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_Remove("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_Remove(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_Remove("", &r_u, rdata, 0)) + return False; + return True; } +/****************************************************************** + api_dfs_SetInfo + *****************************************************************/ -/***************************************************************** - api_dfs_add +static BOOL api_dfs_SetInfo(pipes_struct *p) +{ + NETDFS_Q_DFS_SETINFO q_u; + NETDFS_R_DFS_SETINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_SetInfo("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_SetInfo(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_SetInfo("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_GetInfo *****************************************************************/ -static BOOL api_dfs_add(pipes_struct *p) +static BOOL api_dfs_GetInfo(pipes_struct *p) { - DFS_Q_DFS_ADD q_u; - DFS_R_DFS_ADD r_u; + NETDFS_Q_DFS_GETINFO q_u; + NETDFS_R_DFS_GETINFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_GetInfo("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_GetInfo(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_GetInfo("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_Enum + *****************************************************************/ +static BOOL api_dfs_Enum(pipes_struct *p) +{ + NETDFS_Q_DFS_ENUM q_u; + NETDFS_R_DFS_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!dfs_io_q_dfs_add("", &q_u, data, 0)) + if (!netdfs_io_q_dfs_Enum("", &q_u, data, 0)) return False; - r_u.status = _dfs_add(p, &q_u, &r_u); + r_u.status = _dfs_Enum(p, &q_u, &r_u); - if (!dfs_io_r_dfs_add("", &r_u, rdata, 0)) + if (!netdfs_io_r_dfs_Enum("", &r_u, rdata, 0)) return False; return True; } +/****************************************************************** + api_dfs_Rename + *****************************************************************/ -/***************************************************************** - api_dfs_remove +static BOOL api_dfs_Rename(pipes_struct *p) +{ + NETDFS_Q_DFS_RENAME q_u; + NETDFS_R_DFS_RENAME r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_Rename("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_Rename(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_Rename("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_Move *****************************************************************/ -static BOOL api_dfs_remove(pipes_struct *p) +static BOOL api_dfs_Move(pipes_struct *p) { - DFS_Q_DFS_REMOVE q_u; - DFS_R_DFS_REMOVE r_u; + NETDFS_Q_DFS_MOVE q_u; + NETDFS_R_DFS_MOVE r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!dfs_io_q_dfs_remove("", &q_u, data, 0)) + if (!netdfs_io_q_dfs_Move("", &q_u, data, 0)) return False; - r_u.status = _dfs_remove(p, &q_u, &r_u); + r_u.status = _dfs_Move(p, &q_u, &r_u); - if (!dfs_io_r_dfs_remove("", &r_u, rdata, 0)) + if (!netdfs_io_r_dfs_Move("", &r_u, rdata, 0)) return False; return True; } +/****************************************************************** + api_dfs_ManagerGetConfigInfo + *****************************************************************/ -/******************************************************************* - api_dfs_get_info - *******************************************************************/ +static BOOL api_dfs_ManagerGetConfigInfo(pipes_struct *p) +{ + NETDFS_Q_DFS_MANAGERGETCONFIGINFO q_u; + NETDFS_R_DFS_MANAGERGETCONFIGINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_ManagerGetConfigInfo("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_ManagerGetConfigInfo(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_ManagerGetConfigInfo("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_ManagerSendSiteInfo + *****************************************************************/ -static BOOL api_dfs_get_info(pipes_struct *p) +static BOOL api_dfs_ManagerSendSiteInfo(pipes_struct *p) { - DFS_Q_DFS_GET_INFO q_u; - DFS_R_DFS_GET_INFO r_u; + NETDFS_Q_DFS_MANAGERSENDSITEINFO q_u; + NETDFS_R_DFS_MANAGERSENDSITEINFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_ManagerSendSiteInfo("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_ManagerSendSiteInfo(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_ManagerSendSiteInfo("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_AddFtRoot + *****************************************************************/ +static BOOL api_dfs_AddFtRoot(pipes_struct *p) +{ + NETDFS_Q_DFS_ADDFTROOT q_u; + NETDFS_R_DFS_ADDFTROOT r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!dfs_io_q_dfs_get_info("", &q_u, data, 0)) + if (!netdfs_io_q_dfs_AddFtRoot("", &q_u, data, 0)) return False; - r_u.status = _dfs_get_info(p, &q_u, &r_u); + r_u.status = _dfs_AddFtRoot(p, &q_u, &r_u); - if(!dfs_io_r_dfs_get_info("", &r_u, rdata, 0)) + if (!netdfs_io_r_dfs_AddFtRoot("", &r_u, rdata, 0)) return False; + + return True; +} +/****************************************************************** + api_dfs_RemoveFtRoot + *****************************************************************/ +static BOOL api_dfs_RemoveFtRoot(pipes_struct *p) +{ + NETDFS_Q_DFS_REMOVEFTROOT q_u; + NETDFS_R_DFS_REMOVEFTROOT r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_RemoveFtRoot("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_RemoveFtRoot(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_RemoveFtRoot("", &r_u, rdata, 0)) + return False; + return True; } +/****************************************************************** + api_dfs_AddStdRoot + *****************************************************************/ -/******************************************************************* - api_dfs_enum - *******************************************************************/ +static BOOL api_dfs_AddStdRoot(pipes_struct *p) +{ + NETDFS_Q_DFS_ADDSTDROOT q_u; + NETDFS_R_DFS_ADDSTDROOT r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_AddStdRoot("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_AddStdRoot(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_AddStdRoot("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_RemoveStdRoot + *****************************************************************/ -static BOOL api_dfs_enum(pipes_struct *p) +static BOOL api_dfs_RemoveStdRoot(pipes_struct *p) { - DFS_Q_DFS_ENUM q_u; - DFS_R_DFS_ENUM r_u; + NETDFS_Q_DFS_REMOVESTDROOT q_u; + NETDFS_R_DFS_REMOVESTDROOT r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_RemoveStdRoot("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_RemoveStdRoot(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_RemoveStdRoot("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_ManagerInitialize + *****************************************************************/ +static BOOL api_dfs_ManagerInitialize(pipes_struct *p) +{ + NETDFS_Q_DFS_MANAGERINITIALIZE q_u; + NETDFS_R_DFS_MANAGERINITIALIZE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_ManagerInitialize("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_ManagerInitialize(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_ManagerInitialize("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_AddStdRootForced + *****************************************************************/ - if(!dfs_io_q_dfs_enum("", &q_u, data, 0)) +static BOOL api_dfs_AddStdRootForced(pipes_struct *p) +{ + NETDFS_Q_DFS_ADDSTDROOTFORCED q_u; + NETDFS_R_DFS_ADDSTDROOTFORCED r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_AddStdRootForced("", &q_u, data, 0)) return False; - r_u.status = _dfs_enum(p, &q_u, &r_u); + r_u.status = _dfs_AddStdRootForced(p, &q_u, &r_u); - if(!dfs_io_r_dfs_enum("", &r_u, rdata, 0)) + if (!netdfs_io_r_dfs_AddStdRootForced("", &r_u, rdata, 0)) return False; + + return True; +} +/****************************************************************** + api_dfs_GetDcAddress + *****************************************************************/ +static BOOL api_dfs_GetDcAddress(pipes_struct *p) +{ + NETDFS_Q_DFS_GETDCADDRESS q_u; + NETDFS_R_DFS_GETDCADDRESS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_GetDcAddress("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_GetDcAddress(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_GetDcAddress("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_SetDcAddress + *****************************************************************/ + +static BOOL api_dfs_SetDcAddress(pipes_struct *p) +{ + NETDFS_Q_DFS_SETDCADDRESS q_u; + NETDFS_R_DFS_SETDCADDRESS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_SetDcAddress("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_SetDcAddress(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_SetDcAddress("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_FlushFtTable + *****************************************************************/ + +static BOOL api_dfs_FlushFtTable(pipes_struct *p) +{ + NETDFS_Q_DFS_FLUSHFTTABLE q_u; + NETDFS_R_DFS_FLUSHFTTABLE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_FlushFtTable("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_FlushFtTable(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_FlushFtTable("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_Add2 + *****************************************************************/ + +static BOOL api_dfs_Add2(pipes_struct *p) +{ + NETDFS_Q_DFS_ADD2 q_u; + NETDFS_R_DFS_ADD2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_Add2("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_Add2(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_Add2("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_Remove2 + *****************************************************************/ + +static BOOL api_dfs_Remove2(pipes_struct *p) +{ + NETDFS_Q_DFS_REMOVE2 q_u; + NETDFS_R_DFS_REMOVE2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_Remove2("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_Remove2(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_Remove2("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_EnumEx + *****************************************************************/ + +static BOOL api_dfs_EnumEx(pipes_struct *p) +{ + NETDFS_Q_DFS_ENUMEX q_u; + NETDFS_R_DFS_ENUMEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_EnumEx("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_EnumEx(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_EnumEx("", &r_u, rdata, 0)) + return False; + + return True; +} +/****************************************************************** + api_dfs_SetInfo2 + *****************************************************************/ + +static BOOL api_dfs_SetInfo2(pipes_struct *p) +{ + NETDFS_Q_DFS_SETINFO2 q_u; + NETDFS_R_DFS_SETINFO2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!netdfs_io_q_dfs_SetInfo2("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_SetInfo2(p, &q_u, &r_u); + + if (!netdfs_io_r_dfs_SetInfo2("", &r_u, rdata, 0)) + return False; + return True; } -/******************************************************************* -\pipe\netdfs commands -********************************************************************/ -static struct api_struct api_netdfs_cmds[] = +/* Tables */ +static struct api_struct api_netdfs_cmds[] = { - {"DFS_EXIST", DFS_EXIST, api_dfs_exist }, - {"DFS_ADD", DFS_ADD, api_dfs_add }, - {"DFS_REMOVE", DFS_REMOVE, api_dfs_remove }, - {"DFS_GET_INFO", DFS_GET_INFO, api_dfs_get_info }, - {"DFS_ENUM", DFS_ENUM, api_dfs_enum } + {"DFS_GETMANAGERVERSION", DFS_GETMANAGERVERSION, api_dfs_GetManagerVersion}, + {"DFS_ADD", DFS_ADD, api_dfs_Add}, + {"DFS_REMOVE", DFS_REMOVE, api_dfs_Remove}, + {"DFS_SETINFO", DFS_SETINFO, api_dfs_SetInfo}, + {"DFS_GETINFO", DFS_GETINFO, api_dfs_GetInfo}, + {"DFS_ENUM", DFS_ENUM, api_dfs_Enum}, + {"DFS_RENAME", DFS_RENAME, api_dfs_Rename}, + {"DFS_MOVE", DFS_MOVE, api_dfs_Move}, + {"DFS_MANAGERGETCONFIGINFO", DFS_MANAGERGETCONFIGINFO, api_dfs_ManagerGetConfigInfo}, + {"DFS_MANAGERSENDSITEINFO", DFS_MANAGERSENDSITEINFO, api_dfs_ManagerSendSiteInfo}, + {"DFS_ADDFTROOT", DFS_ADDFTROOT, api_dfs_AddFtRoot}, + {"DFS_REMOVEFTROOT", DFS_REMOVEFTROOT, api_dfs_RemoveFtRoot}, + {"DFS_ADDSTDROOT", DFS_ADDSTDROOT, api_dfs_AddStdRoot}, + {"DFS_REMOVESTDROOT", DFS_REMOVESTDROOT, api_dfs_RemoveStdRoot}, + {"DFS_MANAGERINITIALIZE", DFS_MANAGERINITIALIZE, api_dfs_ManagerInitialize}, + {"DFS_ADDSTDROOTFORCED", DFS_ADDSTDROOTFORCED, api_dfs_AddStdRootForced}, + {"DFS_GETDCADDRESS", DFS_GETDCADDRESS, api_dfs_GetDcAddress}, + {"DFS_SETDCADDRESS", DFS_SETDCADDRESS, api_dfs_SetDcAddress}, + {"DFS_FLUSHFTTABLE", DFS_FLUSHFTTABLE, api_dfs_FlushFtTable}, + {"DFS_ADD2", DFS_ADD2, api_dfs_Add2}, + {"DFS_REMOVE2", DFS_REMOVE2, api_dfs_Remove2}, + {"DFS_ENUMEX", DFS_ENUMEX, api_dfs_EnumEx}, + {"DFS_SETINFO2", DFS_SETINFO2, api_dfs_SetInfo2}, }; -void netdfs_get_pipe_fns( struct api_struct **fns, int *n_fns ) +void netdfs_get_pipe_fns(struct api_struct **fns, int *n_fns) { *fns = api_netdfs_cmds; *n_fns = sizeof(api_netdfs_cmds) / sizeof(struct api_struct); } -NTSTATUS rpc_dfs_init(void) +NTSTATUS rpc_netdfs_init(void) { - return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "netdfs", "netdfs", api_netdfs_cmds, - sizeof(api_netdfs_cmds) / sizeof(struct api_struct)); + return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "netdfs", "netdfs", api_netdfs_cmds, sizeof(api_netdfs_cmds) / sizeof(struct api_struct)); } diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index 63e4d4e9b7..f04d8c37c3 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c @@ -1,10 +1,9 @@ /* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines for Dfs - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Shirish Kalele 2000. - * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Shirish Kalele 2000. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Jelmer Vernooij 2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,7 +23,6 @@ /* This is the implementation of the dfs pipe. */ #include "includes.h" -#include "nterr.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_MSDFS @@ -32,7 +30,7 @@ /* This function does not return a WERROR or NTSTATUS code but rather 1 if dfs exists, or 0 otherwise. */ -uint32 _dfs_exist(pipes_struct *p, DFS_Q_DFS_EXIST *q_u, DFS_R_DFS_EXIST *r_u) +uint32 _dfs_GetManagerVersion(pipes_struct *p, NETDFS_Q_DFS_GETMANAGERVERSION *q_u, NETDFS_R_DFS_GETMANAGERVERSION *r_u) { if(lp_host_msdfs()) return 1; @@ -40,7 +38,7 @@ uint32 _dfs_exist(pipes_struct *p, DFS_Q_DFS_EXIST *q_u, DFS_R_DFS_EXIST *r_u) return 0; } -WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u) +WERROR _dfs_Add(pipes_struct *p, NETDFS_Q_DFS_ADD* q_u, NETDFS_R_DFS_ADD *r_u) { struct current_user user; struct junction_map jn; @@ -57,9 +55,9 @@ WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u) return WERR_ACCESS_DENIED; } - unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1); - unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1); - unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1); + unistr2_to_ascii(dfspath, &q_u->path, sizeof(dfspath)-1); + unistr2_to_ascii(servername, &q_u->server, sizeof(servername)-1); + unistr2_to_ascii(sharename, &q_u->share, sizeof(sharename)-1); DEBUG(5,("init_reply_dfs_add: Request to add %s -> %s\\%s.\n", dfspath, servername, sharename)); @@ -103,8 +101,8 @@ WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u) return WERR_OK; } -WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, - DFS_R_DFS_REMOVE *r_u) +WERROR _dfs_Remove(pipes_struct *p, NETDFS_Q_DFS_REMOVE *q_u, + NETDFS_R_DFS_REMOVE *r_u) { struct current_user user; struct junction_map jn; @@ -120,16 +118,16 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, return WERR_ACCESS_DENIED; } - unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1); - if(q_u->ptr_ServerName) { - unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1); + unistr2_to_ascii(dfspath, &q_u->path, sizeof(dfspath)-1); + if(q_u->ptr0_server) { + unistr2_to_ascii(servername, &q_u->server, sizeof(servername)-1); } - if(q_u->ptr_ShareName) { - unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1); + if(q_u->ptr0_share) { + unistr2_to_ascii(sharename, &q_u->share, sizeof(sharename)-1); } - if(q_u->ptr_ServerName && q_u->ptr_ShareName) { + if(q_u->ptr0_server && q_u->ptr0_share) { pstrcpy(altpath, servername); pstrcat(altpath, "\\"); pstrcat(altpath, sharename); @@ -144,7 +142,7 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, } /* if no server-share pair given, remove the msdfs link completely */ - if(!q_u->ptr_ServerName && !q_u->ptr_ShareName) { + if(!q_u->ptr0_server && !q_u->ptr0_share) { if(!remove_msdfs_link(&jn)) { vfs_ChDir(p->conn,p->conn->connectpath); return WERR_DFS_NO_SUCH_VOL; @@ -189,167 +187,164 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, return WERR_OK; } -static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int num_j) +static BOOL init_reply_dfs_info_1(struct junction_map* j, NETDFS_DFS_INFO1* dfs1) { - int i=0; - for(i=0;iptr0_path = 1; + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), + j->service_name, j->volume_name); + DEBUG(5,("init_reply_dfs_info_1: initing entrypath: %s\n",str)); + init_unistr2(&dfs1->path,str,UNI_STR_TERMINATE); return True; } -static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int num_j) +static BOOL init_reply_dfs_info_2(struct junction_map* j, NETDFS_DFS_INFO2* dfs2) { - int i=0; - for(i=0;iptr0_path = 1; + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), + j->service_name, j->volume_name); + init_unistr2(&dfs2->path, str, UNI_STR_TERMINATE); + dfs2->ptr0_comment = 0; + dfs2->state = 1; /* set up state of dfs junction as OK */ + dfs2->num_stores = j->referral_count; return True; } -static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_INFO_3* dfs3, int num_j) +static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, NETDFS_DFS_INFO3* dfs3) { - int i=0,ii=0; - for(i=0;ialternate_path); - trim_char(path,'\\','\0'); - p = strrchr_m(path,'\\'); - if(p==NULL) { - DEBUG(4,("init_reply_dfs_info_3: invalid path: no \\ found in %s\n",path)); - continue; - } - *p = '\0'; - DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1)); - stor->state = 2; /* set all storages as ONLINE */ - init_unistr2(&stor->servername, path, UNI_STR_TERMINATE); - init_unistr2(&stor->sharename, p+1, UNI_STR_TERMINATE); - stor->ptr_servername = stor->ptr_sharename = 1; + int ii; + pstring str; + dfs3->ptr0_path = 1; + if (j->volume_name[0] == '\0') + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s", + global_myname(), j->service_name); + else + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", global_myname(), + j->service_name, j->volume_name); + + init_unistr2(&dfs3->path, str, UNI_STR_TERMINATE); + dfs3->ptr0_comment = 1; + init_unistr2(&dfs3->comment, "", UNI_STR_TERMINATE); + dfs3->state = 1; + dfs3->num_stores = dfs3->size_stores = j->referral_count; + dfs3->ptr0_stores = 1; + + /* also enumerate the stores */ + dfs3->stores = TALLOC_ARRAY(ctx, NETDFS_DFS_STORAGEINFO, j->referral_count); + if (!dfs3->stores) + return False; + + memset(dfs3->stores, '\0', j->referral_count * sizeof(NETDFS_DFS_STORAGEINFO)); + + for(ii=0;iireferral_count;ii++) { + char* p; + pstring path; + NETDFS_DFS_STORAGEINFO* stor = &(dfs3->stores[ii]); + struct referral* ref = &(j->referral_list[ii]); + + pstrcpy(path, ref->alternate_path); + trim_char(path,'\\','\0'); + p = strrchr_m(path,'\\'); + if(p==NULL) { + DEBUG(4,("init_reply_dfs_info_3: invalid path: no \\ found in %s\n",path)); + continue; } + *p = '\0'; + DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1)); + stor->state = 2; /* set all stores as ONLINE */ + init_unistr2(&stor->server, path, UNI_STR_TERMINATE); + init_unistr2(&stor->share, p+1, UNI_STR_TERMINATE); + stor->ptr0_server = stor->ptr0_share = 1; } return True; } -static WERROR init_reply_dfs_ctr(TALLOC_CTX *ctx, uint32 level, - DFS_INFO_CTR* ctr, struct junction_map* jn, - int num_jn) +WERROR _dfs_Enum(pipes_struct *p, NETDFS_Q_DFS_ENUM *q_u, NETDFS_R_DFS_ENUM *r_u) { - /* do the levels */ - switch(level) { + uint32 level = q_u->level; + struct junction_map jn[MAX_MSDFS_JUNCTIONS]; + int num_jn = 0; + int i; + + num_jn = enum_msdfs_links(p->mem_ctx, jn, ARRAY_SIZE(jn)); + vfs_ChDir(p->conn,p->conn->connectpath); + + DEBUG(5,("make_reply_dfs_enum: %d junctions found in Dfs, doing level %d\n", num_jn, level)); + + r_u->ptr0_info = q_u->ptr0_info; + r_u->ptr0_total = q_u->ptr0_total; + r_u->total = num_jn; + + r_u->info = q_u->info; + + /* Create the return array */ + switch (level) { case 1: - { - DFS_INFO_1* dfs1; - dfs1 = TALLOC_ARRAY(ctx, DFS_INFO_1, num_jn); - if (!dfs1) + if ((r_u->info.e.u.info1.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO1, num_jn)) == NULL) { return WERR_NOMEM; - init_reply_dfs_info_1(jn, dfs1, num_jn); - ctr->dfs.info1 = dfs1; - break; } + r_u->info.e.u.info1.count = num_jn; + r_u->info.e.u.info1.ptr0_s = 1; + r_u->info.e.u.info1.size_s = num_jn; + break; case 2: - { - DFS_INFO_2* dfs2; - dfs2 = TALLOC_ARRAY(ctx, DFS_INFO_2, num_jn); - if (!dfs2) + if ((r_u->info.e.u.info2.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO2, num_jn)) == NULL) { return WERR_NOMEM; - init_reply_dfs_info_2(jn, dfs2, num_jn); - ctr->dfs.info2 = dfs2; - break; } + r_u->info.e.u.info2.count = num_jn; + r_u->info.e.u.info2.ptr0_s = 1; + r_u->info.e.u.info2.size_s = num_jn; + break; case 3: - { - DFS_INFO_3* dfs3; - dfs3 = TALLOC_ARRAY(ctx, DFS_INFO_3, num_jn); - if (!dfs3) + if ((r_u->info.e.u.info3.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO3, num_jn)) == NULL) { return WERR_NOMEM; - init_reply_dfs_info_3(ctx, jn, dfs3, num_jn); - ctr->dfs.info3 = dfs3; + } + r_u->info.e.u.info3.count = num_jn; + r_u->info.e.u.info3.ptr0_s = 1; + r_u->info.e.u.info3.size_s = num_jn; break; + case 4: + if ((r_u->info.e.u.info4.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO4, num_jn)) == NULL) { + return WERR_NOMEM; } + r_u->info.e.u.info4.count = num_jn; + r_u->info.e.u.info4.ptr0_s = 1; + r_u->info.e.u.info4.size_s = num_jn; + break; default: return WERR_INVALID_PARAM; } - return WERR_OK; -} - -WERROR _dfs_enum(pipes_struct *p, DFS_Q_DFS_ENUM *q_u, DFS_R_DFS_ENUM *r_u) -{ - uint32 level = q_u->level; - struct junction_map jn[MAX_MSDFS_JUNCTIONS]; - int num_jn = 0; - - num_jn = enum_msdfs_links(p->mem_ctx, jn, ARRAY_SIZE(jn)); - vfs_ChDir(p->conn,p->conn->connectpath); - - DEBUG(5,("make_reply_dfs_enum: %d junctions found in Dfs, doing level %d\n", num_jn, level)); - r_u->ptr_buffer = level; - r_u->level = r_u->level2 = level; - r_u->ptr_num_entries = r_u->ptr_num_entries2 = 1; - r_u->num_entries = r_u->num_entries2 = num_jn; - r_u->reshnd.ptr_hnd = 1; - r_u->reshnd.handle = num_jn; - - r_u->ctr = TALLOC_P(p->mem_ctx, DFS_INFO_CTR); - if (!r_u->ctr) - return WERR_NOMEM; - ZERO_STRUCTP(r_u->ctr); - r_u->ctr->switch_value = level; - r_u->ctr->num_entries = num_jn; - r_u->ctr->ptr_dfs_ctr = 1; + for (i = 0; i < num_jn; i++) { + switch (level) { + case 1: + init_reply_dfs_info_1(&jn[i], &r_u->info.e.u.info1.s[i]); + break; + case 2: + init_reply_dfs_info_2(&jn[i], &r_u->info.e.u.info2.s[i]); + break; + case 3: + init_reply_dfs_info_3(p->mem_ctx, &jn[i], &r_u->info.e.u.info3.s[i]); + break; + default: + return WERR_INVALID_PARAM; + } + } - r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, r_u->ctr, jn, num_jn); + r_u->status = WERR_OK; return r_u->status; } -WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u, - DFS_R_DFS_GET_INFO *r_u) +WERROR _dfs_GetInfo(pipes_struct *p, NETDFS_Q_DFS_GETINFO *q_u, + NETDFS_R_DFS_GETINFO *r_u) { - UNISTR2* uni_path = &q_u->uni_path; + UNISTR2* uni_path = &q_u->path; uint32 level = q_u->level; int consumedcnt = sizeof(pstring); pstring path; + BOOL ret; struct junction_map jn; unistr2_to_ascii(path, uni_path, sizeof(path)-1); @@ -363,9 +358,130 @@ WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u, } vfs_ChDir(p->conn,p->conn->connectpath); - r_u->level = level; - r_u->ptr_ctr = 1; - r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, &r_u->ctr, &jn, 1); + r_u->info.switch_value = level; + r_u->info.ptr0 = 1; + r_u->status = WERR_OK; + + switch (level) { + case 1: ret = init_reply_dfs_info_1(&jn, &r_u->info.u.info1); break; + case 2: ret = init_reply_dfs_info_2(&jn, &r_u->info.u.info2); break; + case 3: ret = init_reply_dfs_info_3(p->mem_ctx, &jn, &r_u->info.u.info3); break; + default: + ret = False; + break; + } + + if (!ret) + r_u->status = WERR_INVALID_PARAM; return r_u->status; } + +WERROR _dfs_SetInfo(pipes_struct *p, NETDFS_Q_DFS_SETINFO *q_u, NETDFS_R_DFS_SETINFO *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_Rename(pipes_struct *p, NETDFS_Q_DFS_RENAME *q_u, NETDFS_R_DFS_RENAME *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_Move(pipes_struct *p, NETDFS_Q_DFS_MOVE *q_u, NETDFS_R_DFS_MOVE *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_ManagerGetConfigInfo(pipes_struct *p, NETDFS_Q_DFS_MANAGERGETCONFIGINFO *q_u, NETDFS_R_DFS_MANAGERGETCONFIGINFO *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_ManagerSendSiteInfo(pipes_struct *p, NETDFS_Q_DFS_MANAGERSENDSITEINFO *q_u, NETDFS_R_DFS_MANAGERSENDSITEINFO *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_AddFtRoot(pipes_struct *p, NETDFS_Q_DFS_ADDFTROOT *q_u, NETDFS_R_DFS_ADDFTROOT *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_RemoveFtRoot(pipes_struct *p, NETDFS_Q_DFS_REMOVEFTROOT *q_u, NETDFS_R_DFS_REMOVEFTROOT *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_AddStdRoot(pipes_struct *p, NETDFS_Q_DFS_ADDSTDROOT *q_u, NETDFS_R_DFS_ADDSTDROOT *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_RemoveStdRoot(pipes_struct *p, NETDFS_Q_DFS_REMOVESTDROOT *q_u, NETDFS_R_DFS_REMOVESTDROOT *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_ManagerInitialize(pipes_struct *p, NETDFS_Q_DFS_MANAGERINITIALIZE *q_u, NETDFS_R_DFS_MANAGERINITIALIZE *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_AddStdRootForced(pipes_struct *p, NETDFS_Q_DFS_ADDSTDROOTFORCED *q_u, NETDFS_R_DFS_ADDSTDROOTFORCED *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_GetDcAddress(pipes_struct *p, NETDFS_Q_DFS_GETDCADDRESS *q_u, NETDFS_R_DFS_GETDCADDRESS *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_SetDcAddress(pipes_struct *p, NETDFS_Q_DFS_SETDCADDRESS *q_u, NETDFS_R_DFS_SETDCADDRESS *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_FlushFtTable(pipes_struct *p, NETDFS_Q_DFS_FLUSHFTTABLE *q_u, NETDFS_R_DFS_FLUSHFTTABLE *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_Add2(pipes_struct *p, NETDFS_Q_DFS_ADD2 *q_u, NETDFS_R_DFS_ADD2 *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_Remove2(pipes_struct *p, NETDFS_Q_DFS_REMOVE2 *q_u, NETDFS_R_DFS_REMOVE2 *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_EnumEx(pipes_struct *p, NETDFS_Q_DFS_ENUMEX *q_u, NETDFS_R_DFS_ENUMEX *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + +WERROR _dfs_SetInfo2(pipes_struct *p, NETDFS_Q_DFS_SETINFO2 *q_u, NETDFS_R_DFS_SETINFO2 *r_u) +{ + /* FIXME: Implement your code here */ + return WERR_NOT_SUPPORTED; +} + diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f48f3e863a..c93107cec4 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -9,6 +9,7 @@ * Copyright (C) Jim McDonough 2002, * Copyright (C) Simo Sorce 2003. * Copyright (C) Gerald (Jerry) Carter 2005. + * Copyright (C) Volker Lendecke 2005. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -102,9 +103,7 @@ static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid) if (dom_name != NULL) { for (num = 0; num < ref->num_ref_doms_1; num++) { - fstring domname; - rpcstr_pull(domname, ref->ref_dom[num].uni_dom_name.buffer, sizeof(domname), -1, 0); - if (strequal(domname, dom_name)) + if (sid_equal(dom_sid, &ref->ref_dom[num].ref_dom.sid)) return num; } } else { @@ -159,8 +158,8 @@ static int init_lsa_rid2s(TALLOC_CTX *mem_ctx, /* Split name into domain and user component */ - if (rpcstr_pull_unistr2_talloc(mem_ctx, &full_name, - &name[i]) < 0) { + full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]); + if (full_name == NULL) { DEBUG(0, ("pull_ucs2_talloc failed\n")); return 0; } @@ -226,87 +225,6 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, r_l->mapped_count = mapped_count; } -/*************************************************************************** - Init lsa_trans_names. - ***************************************************************************/ - -static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn, - int num_entries, DOM_SID2 *sid, - uint32 *mapped_count) -{ - int i; - int total = 0; - *mapped_count = 0; - - /* Allocate memory for list of names */ - - if (num_entries > 0) { - if (!(trn->name = TALLOC_ARRAY(ctx, LSA_TRANS_NAME, num_entries))) { - DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); - return; - } - - if (!(trn->uni_name = TALLOC_ARRAY(ctx, UNISTR2, num_entries))) { - DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); - return; - } - } - - become_root(); /* Need root to get to passdb to for local sids */ - - for (i = 0; i < num_entries; i++) { - BOOL status = False; - DOM_SID find_sid = sid[i].sid; - uint32 rid = 0xffffffff; - int dom_idx = -1; - const char *name, *domain; - enum SID_NAME_USE type = SID_NAME_UNKNOWN; - - DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", - sid_string_static(&find_sid))); - - /* Lookup sid from winbindd */ - - status = lookup_sid(ctx, &find_sid, &domain, &name, &type); - - DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" : - "not found")); - - if (!status) { - type = SID_NAME_UNKNOWN; - domain = talloc_strdup(ctx, ""); - name = talloc_strdup(ctx, - sid_string_static(&find_sid)); - dom_idx = -1; - - DEBUG(10,("init_lsa_trans_names: added unknown user " - "'%s' to referenced list.\n", name )); - } else { - (*mapped_count)++; - /* Store domain sid in ref array */ - if (find_sid.num_auths == 5) { - sid_split_rid(&find_sid, &rid); - } - dom_idx = init_dom_ref(ref, domain, &find_sid); - - DEBUG(10,("init_lsa_trans_names: added %s '%s\\%s' " - "(%d) to referenced list.\n", - sid_type_lookup(type), domain, name, type)); - - } - - init_lsa_trans_name(&trn->name[total], &trn->uni_name[total], - type, name, dom_idx); - total++; - } - - unbecome_root(); - - trn->num_entries = total; - trn->ptr_trans_names = 1; - trn->num_entries2 = total; -} - /*************************************************************************** Init_reply_lookup_sids. ***************************************************************************/ @@ -315,7 +233,7 @@ static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names, uint32 mapped_count) { - r_l->ptr_dom_ref = 1; + r_l->ptr_dom_ref = ref ? 1 : 0; r_l->dom_ref = ref; r_l->names = names; r_l->mapped_count = mapped_count; @@ -496,10 +414,12 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL * ufff, done :) mimir ***************************************************************************/ -NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENUM_TRUST_DOM *r_u) +NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, + LSA_R_ENUM_TRUST_DOM *r_u) { struct lsa_info *info; - uint32 enum_context = q_u->enum_context; + uint32 next_idx; + struct trustdom_info **domains; /* * preferred length is set to 5 as a "our" preferred length @@ -507,10 +427,11 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E * update (20.08.2002): it's not preferred length, but preferred size! * it needs further investigation how to optimally choose this value */ - uint32 max_num_domains = q_u->preferred_len < 5 ? q_u->preferred_len : 10; - TRUSTDOM **trust_doms; + uint32 max_num_domains = + q_u->preferred_len < 5 ? q_u->preferred_len : 10; uint32 num_domains; NTSTATUS nt_status; + uint32 num_thistime; if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; @@ -519,19 +440,34 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - nt_status = secrets_get_trusted_domains(p->mem_ctx, (int *)&enum_context, max_num_domains, (int *)&num_domains, &trust_doms); + nt_status = secrets_trusted_domains(p->mem_ctx, &num_domains, + &domains); - if (!NT_STATUS_IS_OK(nt_status) && - !NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES) && - !NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES)) { + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; - } else { - r_u->status = nt_status; } + if (q_u->enum_context < num_domains) { + num_thistime = MIN(num_domains, max_num_domains); + + r_u->status = STATUS_MORE_ENTRIES; + + if (q_u->enum_context + num_thistime > num_domains) { + num_thistime = num_domains - q_u->enum_context; + r_u->status = NT_STATUS_OK; + } + + next_idx = q_u->enum_context + num_thistime; + } else { + num_thistime = 0; + next_idx = 0xffffffff; + r_u->status = NT_STATUS_NO_MORE_ENTRIES; + } + /* set up the lsa_enum_trust_dom response */ - init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, max_num_domains, num_domains, trust_doms); + init_r_enum_trust_dom(p->mem_ctx, r_u, next_idx, + num_thistime, domains+q_u->enum_context); return r_u->status; } @@ -650,24 +586,29 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF _lsa_lookup_sids ***************************************************************************/ -NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SIDS *r_u) +NTSTATUS _lsa_lookup_sids(pipes_struct *p, + LSA_Q_LOOKUP_SIDS *q_u, + LSA_R_LOOKUP_SIDS *r_u) { struct lsa_info *handle; - DOM_SID2 *sid = q_u->sids.sid; - int num_entries = q_u->sids.num_entries; - DOM_R_REF *ref = NULL; - LSA_TRANS_NAME_ENUM *names = NULL; + + int i, num_sids; + const DOM_SID **sids; uint32 mapped_count = 0; - if (num_entries > MAX_LOOKUP_SIDS) { - num_entries = 0; - DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, truncating SID lookup list to %d\n", MAX_LOOKUP_SIDS, num_entries)); - r_u->status = NT_STATUS_NONE_MAPPED; - } + struct lsa_dom_info *dom_infos; + struct lsa_name_info *name_infos; + + DOM_R_REF *ref = NULL; + LSA_TRANS_NAME_ENUM *names = NULL; - ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM); + if ((q_u->level < 1) || (q_u->level > 6)) { + r_u->status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; goto done; @@ -678,19 +619,91 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_ r_u->status = NT_STATUS_ACCESS_DENIED; goto done; } - if (!ref || !names) - return NT_STATUS_NO_MEMORY; -done: + num_sids = q_u->sids.num_entries; + if (num_sids > MAX_LOOKUP_SIDS) { + DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, truncating " + "SID lookup list to %d\n", + MAX_LOOKUP_SIDS, num_sids)); + r_u->status = NT_STATUS_NONE_MAPPED; + goto done; + } - /* set up the LSA Lookup SIDs response */ - init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count); - if (NT_STATUS_IS_OK(r_u->status)) { - if (mapped_count == 0) - r_u->status = NT_STATUS_NONE_MAPPED; - else if (mapped_count != num_entries) - r_u->status = STATUS_SOME_UNMAPPED; + ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); + + sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); + if ((ref == NULL) || (names == NULL) || (sids == NULL)) { + r_u->status = NT_STATUS_NO_MEMORY; + goto done; + } + + for (i=0; isids.sid[i].sid; + } + + r_u->status = lookup_sids(p->mem_ctx, num_sids, sids, q_u->level, + &dom_infos, &name_infos); + + if (!NT_STATUS_IS_OK(r_u->status)) { + goto done; + } + + if (num_sids > 0) { + names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME, num_sids); + names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); + if ((names->name == NULL) || (names->uni_name == NULL)) { + r_u->status = NT_STATUS_NO_MEMORY; + goto done; + } } + + for (i=0; istatus = NT_STATUS_INTERNAL_ERROR; + goto done; + } + } + + for (i=0; itype == SID_NAME_UNKNOWN) { + name->dom_idx = -1; + name->name = talloc_asprintf(p->mem_ctx, "%8.8x", + name->rid); + if (name->name == NULL) { + r_u->status = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + mapped_count += 1; + } + init_lsa_trans_name(&names->name[i], &names->uni_name[i], + name->type, name->name, name->dom_idx); + } + + names->num_entries = num_sids; + names->ptr_trans_names = 1; + names->num_entries2 = num_sids; + + r_u->status = NT_STATUS_NONE_MAPPED; + if (mapped_count > 0) { + r_u->status = (mapped_count < num_sids) ? + STATUS_SOME_UNMAPPED : NT_STATUS_OK; + } + + DEBUG(10, ("num_sids %d, mapped_count %d, status %s\n", + num_sids, mapped_count, nt_errstr(r_u->status))); + + done: init_reply_lookup_sids(r_u, ref, names, mapped_count); return r_u->status; @@ -1173,10 +1186,7 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA if (!pdb_getgrsid(&map, info->sid)) return NT_STATUS_NO_SUCH_GROUP; - if(!pdb_update_group_mapping_entry(&map)) - return NT_STATUS_NO_SUCH_GROUP; - - return r_u->status; + return pdb_update_group_mapping_entry(&map); } /*************************************************************************** diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 643921f596..fd78f954cc 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -542,12 +542,9 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * } become_root(); - ret = pdb_update_sam_account (sampass); + r_u->status = pdb_update_sam_account (sampass); unbecome_root(); } - if (ret) { - status = NT_STATUS_OK; - } /* set up the LSA Server Password Set response */ init_net_r_srv_pwset(r_u, &cred_out, status); @@ -587,29 +584,29 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF /******************************************************************* gets a domain user's groups from their already-calculated NT_USER_TOKEN ********************************************************************/ -static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, - const NT_USER_TOKEN *nt_token, +static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + size_t num_sids, + const DOM_SID *sids, int *numgroups, DOM_GID **pgids) { - DOM_GID *gids; int i; - gids = TALLOC_ARRAY(mem_ctx, DOM_GID, nt_token->num_sids); - - if (!gids) { - return NT_STATUS_NO_MEMORY; - } - *numgroups=0; + *pgids = NULL; - for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) { - if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) { - sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid)); - gids[*numgroups].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED); - (*numgroups)++; + for (i=0; idc->remote_machine )); return NT_STATUS_ACCESS_DENIED; } @@ -734,10 +731,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * break; } case INTERACTIVE_LOGON_TYPE: - /* 'Interactive' autheticaion, supplies the password in its - MD4 form, encrypted with the session key. We will - convert this to chellange/responce for the auth - subsystem to chew on */ + /* 'Interactive' authentication, supplies the password in its + MD4 form, encrypted with the session key. We will convert + this to challenge/response for the auth subsystem to chew + on */ { const uint8 *chal; @@ -787,14 +784,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * && !is_trusted_domain(nt_domain) ) r_u->auth_resp = 0; /* We are not authoritative */ - free_server_info(&server_info); + talloc_free(server_info); return status; } if (server_info->guest) { /* We don't like guest domain logons... */ - DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n")); - free_server_info(&server_info); + DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST " + "denied.\n")); + talloc_free(server_info); return NT_STATUS_LOGON_FAILURE; } @@ -819,7 +817,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * sampw = server_info->sam_account; - /* set up pointer indicating user/password failed to be found */ + /* set up pointer indicating user/password failed to be + * found */ usr_info->ptr_user_info = 0; user_sid = pdb_get_user_sid(sampw); @@ -829,8 +828,12 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * sid_split_rid(&domain_sid, &user_rid); if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { - DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n", - pdb_get_domain(sampw), pdb_get_username(sampw), + DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid " + "%s\n but group sid %s.\n" + "The conflicting domain portions are not " + "supported for NETLOGON calls\n", + pdb_get_domain(sampw), + pdb_get_username(sampw), sid_to_string(user_sid_string, user_sid), sid_to_string(group_sid_string, group_sid))); return NT_STATUS_UNSUCCESSFUL; @@ -842,26 +845,30 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * } else { pstrcpy(my_name, global_myname()); } - - if (!NT_STATUS_IS_OK(status - = nt_token_to_group_list(p->mem_ctx, - &domain_sid, - server_info->ptok, - &num_gids, - &gids))) { + + status = nt_token_to_group_list(p->mem_ctx, &domain_sid, + server_info->num_sids, + server_info->sids, + &num_gids, &gids); + + if (!NT_STATUS_IS_OK(status)) { return status; } ZERO_STRUCT(netlogon_sess_key); memcpy(netlogon_sess_key, p->dc->sess_key, 8); if (server_info->user_session_key.length) { - memcpy(user_session_key, server_info->user_session_key.data, - MIN(sizeof(user_session_key), server_info->user_session_key.length)); + memcpy(user_session_key, + server_info->user_session_key.data, + MIN(sizeof(user_session_key), + server_info->user_session_key.length)); SamOEMhash(user_session_key, netlogon_sess_key, 16); } if (server_info->lm_session_key.length) { - memcpy(lm_session_key, server_info->lm_session_key.data, - MIN(sizeof(lm_session_key), server_info->lm_session_key.length)); + memcpy(lm_session_key, + server_info->lm_session_key.data, + MIN(sizeof(lm_session_key), + server_info->lm_session_key.length)); SamOEMhash(lm_session_key, netlogon_sess_key, 16); } ZERO_STRUCT(netlogon_sess_key); @@ -891,14 +898,11 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * server_info->lm_session_key.length ? lm_session_key : NULL, my_name , /* char *logon_srv */ pdb_get_domain(sampw), - &domain_sid, /* DOM_SID *dom_sid */ - /* Should be users domain sid, not servers - for trusted domains */ - - NULL); /* char *other_sids */ + &domain_sid); /* DOM_SID *dom_sid */ ZERO_STRUCT(user_session_key); ZERO_STRUCT(lm_session_key); } - free_server_info(&server_info); + talloc_free(server_info); return status; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 381adbe635..68b3a2d434 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -616,7 +616,7 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) memset(p->wks, '\0', sizeof(p->wks)); /* Set up for non-authenticated user. */ - delete_nt_token(&p->pipe_user.nt_user_token); + talloc_free(p->pipe_user.nt_user_token); p->pipe_user.ut.ngroups = 0; SAFE_FREE( p->pipe_user.ut.groups); @@ -664,7 +664,8 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) } if (a->server_info->ptok) { - p->pipe_user.nt_user_token = dup_nt_token(a->server_info->ptok); + p->pipe_user.nt_user_token = + dup_nt_token(NULL, a->server_info->ptok); } else { DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); p->pipe_user.nt_user_token = NULL; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 37d3ef64c0..86a04e7ccb 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -349,7 +349,8 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); - p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); + p->pipe_user.nt_user_token = dup_nt_token( + NULL, vuser->nt_user_token); } /* @@ -1222,7 +1223,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) /* Free the handles database. */ close_policy_by_pipe(p); - delete_nt_token(&p->pipe_user.nt_user_token); + talloc_free(p->pipe_user.nt_user_token); data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.ut.groups); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 2f9d494a26..81344cdc1e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -140,7 +140,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ( sid ) { init_sec_access( &mask, sid_access ); init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); -} + } /* create the security descriptor */ @@ -1416,7 +1416,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO type[i] = SID_NAME_ALIAS; } } else { - lookup_global_sam_name(name, &rid[i], &type[i]); + lookup_global_sam_name(name, 0, &rid[i], &type[i]); } if (type[i] != SID_NAME_UNKNOWN) { @@ -1927,28 +1927,6 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ return r_u->status; break; -#if 0 -/* whoops - got this wrong. i think. or don't understand what's happening. */ - case 17: - { - NTTIME expire; - info = (void *)&id11; - - expire.low = 0xffffffff; - expire.high = 0x7fffffff; - - ctr->info.id = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_17)); - ZERO_STRUCTP(ctr->info.id17); - init_sam_user_info17(ctr->info.id17, &expire, - "BROOKFIELDS$", /* name */ - 0x03ef, /* user rid */ - 0x201, /* group rid */ - 0x0080); /* acb info */ - - break; - } -#endif - case 18: ctr->info.id18 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_18); if (ctr->info.id18 == NULL) @@ -1993,10 +1971,11 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u) { SAM_ACCOUNT *sam_pass=NULL; - struct passwd *passwd; DOM_SID sid; DOM_SID *sids; + DOM_GID dom_gid; DOM_GID *gids = NULL; + uint32 primary_group_rid; size_t num_groups = 0; gid_t *unix_gids; size_t i, num_gids; @@ -2031,58 +2010,72 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S if (!sid_check_is_in_our_domain(&sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - pdb_init_sam(&sam_pass); + pdb_init_sam_talloc(p->mem_ctx, &sam_pass); become_root(); ret = pdb_getsampwsid(sam_pass, &sid); unbecome_root(); - if (ret == False) { - pdb_free_sam(&sam_pass); - return NT_STATUS_NO_SUCH_USER; - } - - passwd = getpwnam_alloc(pdb_get_username(sam_pass)); - if (passwd == NULL) { - pdb_free_sam(&sam_pass); + if (!ret) { + DEBUG(10, ("pdb_getsampwsid failed for %s\n", + sid_string_static(&sid))); return NT_STATUS_NO_SUCH_USER; } sids = NULL; become_root(); - result = pdb_enum_group_memberships(pdb_get_username(sam_pass), - passwd->pw_gid, + result = pdb_enum_group_memberships(p->mem_ctx, sam_pass, &sids, &unix_gids, &num_groups); unbecome_root(); - pdb_free_sam(&sam_pass); - passwd_free(&passwd); - - if (!NT_STATUS_IS_OK(result)) + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10, ("pdb_enum_group_memberships failed for %s\n", + sid_string_static(&sid))); return result; - - SAFE_FREE(unix_gids); + } gids = NULL; num_gids = 0; + dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| + SE_GROUP_ENABLED); + + if (!sid_peek_check_rid(get_global_sam_sid(), + pdb_get_group_sid(sam_pass), + &primary_group_rid)) { + DEBUG(5, ("Group sid %s for user %s not in our domain\n", + sid_string_static(pdb_get_group_sid(sam_pass)), + pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + dom_gid.g_rid = primary_group_rid; + + ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids); + for (i=0; imem_ctx, gids, DOM_GID, num_gids+1); - gids[num_gids].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED); - gids[num_gids].g_rid = rid; - num_gids += 1; + if (dom_gid.g_rid == primary_group_rid) { + /* We added the primary group directly from the + * sam_account. The other SIDs are unique from + * enum_group_memberships */ + continue; + } + + ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids); } - SAFE_FREE(sids); /* construct the response. lkclXXXX: gids are not copied! */ - init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status); + init_samr_r_query_usergroups(r_u, num_gids, gids, r_u->status); DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); @@ -2322,7 +2315,8 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name) This funcion will need to be updated for bdc/domain trusts. ********************************************************************/ -NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u) +NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, + SAMR_R_CREATE_USER *r_u) { SAM_ACCOUNT *sam_pass=NULL; fstring account; @@ -2339,7 +2333,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA uint32 acc_granted; SEC_DESC *psd; size_t sd_size; - uint32 new_rid = 0; /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; BOOL can_add_account = False; @@ -2347,20 +2340,26 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA DISP_INFO *disp_info = NULL; /* Get the domain SID stored in the domain policy */ - if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted, &disp_info)) + if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted, + &disp_info)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) { + nt_status = access_check_samr_function(acc_granted, + SA_RIGHT_DOMAIN_CREATE_USER, + "_samr_create_user"); + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } - if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST || acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) { + if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST || + acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) { /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if this parameter is not an account type */ return NT_STATUS_INVALID_PARAMETER; } - rpcstr_pull(account, user_account.buffer, sizeof(account), user_account.uni_str_len*2, 0); + rpcstr_pull(account, user_account.buffer, sizeof(account), + user_account.uni_str_len*2, 0); strlower_m(account); nt_status = can_create(p->mem_ctx, account); @@ -2369,14 +2368,14 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA } /********************************************************************* - * HEADS UP! If we have to create a new user account, we have to get - * a new RID from somewhere. This used to be done by the passdb - * backend. It has been moved into idmap now. Since idmap is now - * wrapped up behind winbind, this means you have to run winbindd if you - * want new accounts to get a new RID when "enable rid algorithm = no". - * Tough. We now have a uniform way of allocating RIDs regardless - * of what ever passdb backend people may use. - * --jerry (2003-07-10) + * HEADS UP! If we have to create a new user account, we have to get + * a new RID from somewhere. This used to be done by the passdb + * backend. It has been moved into idmap now. Since idmap is now + * wrapped up behind winbind, this means you have to run winbindd if + * you want new accounts to get a new RID when "enable rid algorithm = + * no". Tough. We now have a uniform way of allocating RIDs + * regardless of what ever passdb backend people may use. --jerry + * (2003-07-10) *********************************************************************/ pw = Get_Pwnam(account); @@ -2387,24 +2386,30 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA { pstrcpy(add_script, lp_addmachine_script()); se_priv_copy( &se_rights, &se_machine_account ); - can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_account = user_has_privileges( + p->pipe_user.nt_user_token, &se_rights ); } /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ - else if ( acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$') ) + else if ( acb_info & ACB_NORMAL && + (account[strlen(account)-1] != '$') ) { pstrcpy(add_script, lp_adduser_script()); se_priv_copy( &se_rights, &se_add_users ); - can_add_account = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_account = user_has_privileges( + p->pipe_user.nt_user_token, &se_rights ); } - else /* implicit assumption of a BDC or domain trust account here (we already check the flags earlier) */ + else /* implicit assumption of a BDC or domain trust account here + * (we already check the flags earlier) */ { pstrcpy(add_script, lp_addmachine_script()); if ( lp_enable_privileges() ) { /* only Domain Admins can add a BDC or domain trust */ se_priv_copy( &se_rights, &se_priv_none ); - can_add_account = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ); - } + can_add_account = nt_token_check_domain_rid( + p->pipe_user.nt_user_token, + DOMAIN_GROUP_RID_ADMINS ); + } } DEBUG(5, ("_samr_create_user: %s can add this account : %s\n", @@ -2419,16 +2424,20 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA if (*add_script) { int add_ret; - all_string_sub(add_script, "%u", account, sizeof(add_script)); + all_string_sub(add_script, "%u", account, + sizeof(add_script)); add_ret = smbrun(add_script,NULL); - DEBUG(add_ret ? 0 : 3,("_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); + DEBUG(add_ret ? 0 : 3,("_samr_create_user: Running " + "the command `%s' gave %d\n", + add_script, add_ret)); } } - /* implicit call to getpwnam() next. we have a valid SID coming out of this call */ + /* implicit call to getpwnam() next. we have a valid SID coming out + * of this call */ flush_pwnam_cache(); - nt_status = pdb_init_sam_new(&sam_pass, account, new_rid); + nt_status = pdb_init_sam_new(&sam_pass, account); /* this code is order such that we have no unnecessary retuns out of the admin block of code */ @@ -2438,7 +2447,8 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA if ( !(ret = pdb_add_sam_account(sam_pass)) ) { pdb_free_sam(&sam_pass); - DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n", + DEBUG(0, ("could not add user/computer %s to passdb. " + "Check permissions?\n", account)); nt_status = NT_STATUS_ACCESS_DENIED; } @@ -2458,7 +2468,8 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA sid_copy(&sid, pdb_get_user_sid(sam_pass)); - make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); + make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, + &sid, SAMR_USR_RIGHTS_WRITE_PW); se_map_generic(&des_access, &usr_generic_mapping); nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, @@ -2944,7 +2955,7 @@ static BOOL set_user_info_16(const SAM_USER_INFO_16 *id16, SAM_ACCOUNT *pwd) return False; } - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -2980,7 +2991,7 @@ static BOOL set_user_info_18(SAM_USER_INFO_18 *id18, SAM_ACCOUNT *pwd) return False; } - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -2997,8 +3008,7 @@ static BOOL set_unix_primary_group(SAM_ACCOUNT *sampass) struct group *grp; gid_t gid; - if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sampass), - &gid))) { + if (!sid_to_gid(pdb_get_group_sid(sampass), &gid)) { DEBUG(2,("Could not get gid for primary group of " "user %s\n", pdb_get_username(sampass))); return False; @@ -3039,7 +3049,7 @@ static BOOL set_user_info_20(SAM_USER_INFO_20 *id20, SAM_ACCOUNT *pwd) copy_id20_to_sam_passwd(pwd, id20); /* write the change out */ - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -3073,7 +3083,7 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, SAM_ACCOUNT *pwd) set_unix_primary_group(pwd); /* write the change out */ - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -3140,7 +3150,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, SAM_ACCOUNT *pwd) if (IS_SAM_CHANGED(pwd, PDB_GROUPSID)) set_unix_primary_group(pwd); - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -3202,7 +3212,7 @@ static BOOL set_user_info_pw(uint8 *pass, SAM_ACCOUNT *pwd) DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n")); /* update the SAMBA password */ - if(!pdb_update_sam_account(pwd)) { + if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { pdb_free_sam(&pwd); return False; } @@ -3485,7 +3495,6 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, NTSTATUS ntstatus2; DOM_SID *members; - BOOL res; r_u->status = NT_STATUS_OK; @@ -3521,13 +3530,14 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, num_alias_rids = 0; become_root(); - res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members, - q_u->num_sids1, - &alias_rids, &num_alias_rids); + ntstatus1 = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members, + q_u->num_sids1, + &alias_rids, &num_alias_rids); unbecome_root(); - if (!res) - return NT_STATUS_UNSUCCESSFUL; + if (!NT_STATUS_IS_OK(ntstatus1)) { + return ntstatus1; + } init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids, NT_STATUS_OK); @@ -3540,6 +3550,7 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u) { + NTSTATUS status; size_t i; size_t num_sids = 0; DOM_SID2 *sid; @@ -3560,8 +3571,11 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); - if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids)) - return NT_STATUS_NO_SUCH_ALIAS; + status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids); if (num_sids!=0 && sid == NULL) { @@ -3710,7 +3724,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD uint32 acc_granted; SE_PRIV se_rights; BOOL can_add_accounts; - BOOL ret; + NTSTATUS ret; DISP_INFO *disp_info = NULL; /* Find the policy handle. Open a policy on it. */ @@ -3738,11 +3752,11 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD /******** END SeAddUsers BLOCK *********/ - if (ret) { + if (NT_STATUS_IS_OK(ret)) { force_flush_samr_cache(disp_info); } - return ret ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; + return ret; } /********************************************************************* @@ -3755,7 +3769,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE uint32 acc_granted; SE_PRIV se_rights; BOOL can_add_accounts; - BOOL ret; + NTSTATUS ret; DISP_INFO *disp_info = NULL; /* Find the policy handle. Open a policy on it. */ @@ -3784,11 +3798,11 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE /******** END SeAddUsers BLOCK *********/ - if (ret) { + if (NT_STATUS_IS_OK(ret)) { force_flush_samr_cache(disp_info); } - return ret ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; + return ret; } /********************************************************************* @@ -3847,19 +3861,18 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD } /* check a real user exist before we run the script to add a user to a group */ - if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) { + if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) { pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } pdb_free_sam(&sam_user); - if ((pwd=getpwuid_alloc(uid)) == NULL) { + if ((pwd=getpwuid_alloc(p->mem_ctx, uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } if ((grp=getgrgid(map.gid)) == NULL) { - passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; } @@ -3867,8 +3880,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD fstrcpy(grp_name, grp->gr_name); /* if the user is already in the group */ - if(user_in_unix_group_list(pwd->pw_name, grp_name)) { - passwd_free(&pwd); + if(user_in_unix_group(pwd->pw_name, grp_name)) { return NT_STATUS_MEMBER_IN_GROUP; } @@ -3894,13 +3906,10 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD /******** END SeAddUsers BLOCK *********/ /* check if the user has been added then ... */ - if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { - passwd_free(&pwd); + if(!user_in_unix_group(pwd->pw_name, grp_name)) { return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ } - passwd_free(&pwd); - force_flush_samr_cache(disp_info); return NT_STATUS_OK; @@ -3961,7 +3970,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE } /* if the user is not in the group */ - if (!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + if (!user_in_unix_group(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_NOT_IN_GROUP; } @@ -3983,7 +3992,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE /******** END SeAddUsers BLOCK *********/ /* check if the user has been removed then ... */ - if (user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + if (user_in_unix_group(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */ } @@ -4290,19 +4299,28 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S /* so far, so good */ result = NT_STATUS_OK; - - r_u->rid = pdb_gid_to_group_rid( grp->gr_gid ); - /* add the group to the mapping table */ + if (pdb_rid_algorithm()) { + r_u->rid = pdb_gid_to_group_rid( grp->gr_gid ); + } else { + if (!pdb_new_rid(&r_u->rid)) { + result = NT_STATUS_ACCESS_DENIED; + } + } + + if (NT_STATUS_IS_OK(result)) { + + /* add the group to the mapping table */ - sid_copy( &info_sid, get_global_sam_sid() ); - sid_append_rid( &info_sid, r_u->rid ); - sid_to_string( sid_string, &info_sid ); + sid_copy( &info_sid, get_global_sam_sid() ); + sid_append_rid( &info_sid, r_u->rid ); + sid_to_string( sid_string, &info_sid ); - /* reset the error code if we fail to add the mapping entry */ + /* reset the error code if we fail to add the mapping entry */ - if ( !add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL) ) - result = NT_STATUS_ACCESS_DENIED; + if ( !add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL) ) + result = NT_STATUS_ACCESS_DENIED; + } } if ( can_add_accounts ) @@ -4383,18 +4401,26 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S /******** END SeAddUsers BLOCK *********/ - if (!NT_STATUS_IS_OK(result)) + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10, ("pdb_create_alias failed: %s\n", + nt_errstr(result))); return result; + } sid_copy(&info_sid, get_global_sam_sid()); sid_append_rid(&info_sid, r_u->rid); - if (!NT_STATUS_IS_OK(sid_to_gid(&info_sid, &gid))) + if (!sid_to_gid(&info_sid, &gid)) { + DEBUG(10, ("Could not find alias just created\n")); return NT_STATUS_ACCESS_DENIED; + } /* check if the group has been successfully created */ - if ( getgrgid(gid) == NULL ) + if ( getgrgid(gid) == NULL ) { + DEBUG(10, ("getgrgid(%d) of just created alias failed\n", + gid)); return NT_STATUS_ACCESS_DENIED; + } if ((info = get_samr_info_by_sid(&info_sid)) == NULL) return NT_STATUS_NO_MEMORY; @@ -4485,7 +4511,8 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ GROUP_MAP map; GROUP_INFO_CTR *ctr; uint32 acc_granted; - BOOL ret; + NTSTATUS ret; + BOOL result; BOOL can_mod_accounts; DISP_INFO *disp_info = NULL; @@ -4497,9 +4524,9 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ } become_root(); - ret = get_domain_group_from_sid(group_sid, &map); + result = get_domain_group_from_sid(group_sid, &map); unbecome_root(); - if (!ret) + if (!result) return NT_STATUS_NO_SUCH_GROUP; ctr=q_u->ctr; @@ -4529,11 +4556,11 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ /******** End SeAddUsers BLOCK *********/ - if (ret) { + if (NT_STATUS_IS_OK(ret)) { force_flush_samr_cache(disp_info); } - return ret ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; + return ret; } /********************************************************************* diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index a22d6db266..e6d45f76ec 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1620,10 +1620,13 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( user.ut.uid != 0 - && !user_has_privileges( user.nt_user_token, &se_printop ) - && !user_in_list(uidtoname(user.ut.uid), lp_printer_admin(snum), user.ut.groups, user.ut.ngroups) ) - { + if ((user.ut.uid != 0) && + !user_has_privileges(user.nt_user_token, + &se_printop ) && + !token_contains_name_in_list( + uidtoname(user.ut.uid), NULL, + user.nt_user_token, + lp_printer_admin(snum))) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED; } @@ -1676,7 +1679,10 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, return WERR_ACCESS_DENIED; } - if (!user_ok(uidtoname(user.ut.uid), snum, user.ut.groups, user.ut.ngroups) || !print_access_check(&user, snum, printer_default->access_required)) { + if (!user_ok_token(uidtoname(user.ut.uid), user.nt_user_token, + snum) || + !print_access_check(&user, snum, + printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -5997,7 +6003,7 @@ BOOL add_printer_hook(NT_USER_TOKEN *token, NT_PRINTER_INFO_LEVEL *printer) numlines = 0; /* Get lines and convert them back to dos-codepage */ - qlines = fd_lines_load(fd, &numlines); + qlines = fd_lines_load(fd, &numlines, 0); DEBUGADD(10,("Lines returned = [%d]\n", numlines)); close(fd); @@ -7195,7 +7201,7 @@ WERROR enumports_hook( int *count, char ***lines ) } numlines = 0; - qlines = fd_lines_load(fd, &numlines); + qlines = fd_lines_load(fd, &numlines, 0); DEBUGADD(10,("Lines returned = [%d]\n", numlines)); close(fd); } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 8150a8bf69..f279c98c31 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -29,26 +29,6 @@ extern struct generic_mapping file_generic_mapping; #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -#define INVALID_SHARENAME_CHARS "<>*?|/\\+=;:\"," - -/******************************************************************** - Check a string for any occurrences of a specified list of invalid - characters. -********************************************************************/ - -static BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len ) -{ - int i; - - for ( i=0; iinfo_2_str, net_name, remark, path, passwd); } -/******************************************************************* - What to do when smb.conf is updated. - ********************************************************************/ - -static void smb_conf_updated(int msg_type, struct process_id src, - void *buf, size_t len) -{ - DEBUG(10,("smb_conf_updated: Got message saying smb.conf was updated. Reloading.\n")); - reload_services(False); -} - -/******************************************************************* - Create the share security tdb. - ********************************************************************/ - -static TDB_CONTEXT *share_tdb; /* used for share security descriptors */ -#define SHARE_DATABASE_VERSION_V1 1 -#define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */ - -BOOL share_info_db_init(void) -{ - static pid_t local_pid; - const char *vstring = "INFO/version"; - int32 vers_id; - - if (share_tdb && local_pid == sys_getpid()) - return True; - share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if (!share_tdb) { - DEBUG(0,("Failed to open share info database %s (%s)\n", - lock_path("share_info.tdb"), strerror(errno) )); - return False; - } - - local_pid = sys_getpid(); - - /* handle a Samba upgrade */ - tdb_lock_bystring(share_tdb, vstring, 0); - - /* Cope with byte-reversed older versions of the db. */ - vers_id = tdb_fetch_int32(share_tdb, vstring); - if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) { - /* Written on a bigendian machine with old fetch_int code. Save as le. */ - tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); - vers_id = SHARE_DATABASE_VERSION_V2; - } - - if (vers_id != SHARE_DATABASE_VERSION_V2) { - tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); - } - tdb_unlock_bystring(share_tdb, vstring); - - message_register(MSG_SMB_CONF_UPDATED, smb_conf_updated); - - return True; -} - -/******************************************************************* - Fake up a Everyone, full access as a default. - ********************************************************************/ - -static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *psize) -{ - SEC_ACCESS sa; - SEC_ACE ace; - SEC_ACL *psa = NULL; - SEC_DESC *psd = NULL; - uint32 def_access = GENERIC_ALL_ACCESS; - - se_map_generic(&def_access, &file_generic_mapping); - - init_sec_access(&sa, GENERIC_ALL_ACCESS | def_access ); - init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - - if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { - psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize); - } - - if (!psd) { - DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); - return NULL; - } - - return psd; -} - -/******************************************************************* - Pull a security descriptor from the share tdb. - ********************************************************************/ - -static SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) -{ - prs_struct ps; - fstring key; - SEC_DESC *psd = NULL; - - *psize = 0; - - /* Fetch security descriptor from tdb */ - - slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); - - if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || - !sec_io_desc("get_share_security", &psd, &ps, 1)) { - - DEBUG(4,("get_share_security: using default secdesc for %s\n", lp_servicename(snum) )); - - return get_share_security_default(ctx, snum, psize); - } - - if (psd) - *psize = sec_desc_size(psd); - - prs_mem_free(&ps); - return psd; -} - -/******************************************************************* - Store a security descriptor in the share db. - ********************************************************************/ - -static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd) -{ - prs_struct ps; - TALLOC_CTX *mem_ctx = NULL; - fstring key; - BOOL ret = False; - - mem_ctx = talloc_init("set_share_security"); - if (mem_ctx == NULL) - return False; - - prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL); - - if (!sec_io_desc("share_security", &psd, &ps, 1)) - goto out; - - slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name); - - if (tdb_prs_store(share_tdb, key, &ps)==0) { - ret = True; - DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); - } else { - DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name )); - } - - /* Free malloc'ed memory */ - -out: - - prs_mem_free(&ps); - if (mem_ctx) - talloc_destroy(mem_ctx); - return ret; -} - -/******************************************************************* - Delete a security descriptor. -********************************************************************/ - -static BOOL delete_share_security(int snum) -{ - TDB_DATA kbuf; - fstring key; - - slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; - - if (tdb_delete(share_tdb, kbuf) != 0) { - DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", - lp_servicename(snum) )); - return False; - } - - return True; -} - /******************************************************************* Map any generic bits to file specific bits. ********************************************************************/ -void map_generic_share_sd_bits(SEC_DESC *psd) +static void map_generic_share_sd_bits(SEC_DESC *psd) { int i; SEC_ACL *ps_dacl = NULL; @@ -517,7 +318,7 @@ static BOOL init_srv_share_info_ctr(pipes_struct *p, SRV_SHARE_INFO_CTR *ctr, uint32 info_level, uint32 *resume_hnd, uint32 *total_entries, BOOL all_shares) { int num_entries = 0; - int num_services = lp_numservices(); + int num_services = 0; int snum; TALLOC_CTX *ctx = p->mem_ctx; @@ -528,6 +329,11 @@ static BOOL init_srv_share_info_ctr(pipes_struct *p, SRV_SHARE_INFO_CTR *ctr, ctr->info_level = ctr->switch_value = info_level; *resume_hnd = 0; + /* Ensure all the usershares are loaded. */ + become_root(); + num_services = load_usershare_shares(); + unbecome_root(); + /* Count the number of entries. */ for (snum = 0; snum < num_services; snum++) { if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) -- cgit