From 30038de4623bc827ee8019c569faf00583d1fe58 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 29 Nov 1998 20:03:33 +0000 Subject: weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1) --- source3/rpc_server/srv_lookup.c | 288 +++++++++------------------------------- source3/rpc_server/srv_netlog.c | 123 ++++++----------- source3/rpc_server/srv_samr.c | 135 +++++++------------ 3 files changed, 152 insertions(+), 394 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_lookup.c b/source3/rpc_server/srv_lookup.c index 9981ce0371..fc73edc4ed 100644 --- a/source3/rpc_server/srv_lookup.c +++ b/source3/rpc_server/srv_lookup.c @@ -52,43 +52,9 @@ extern fstring global_sam_name; extern DOM_SID global_sam_sid; extern DOM_SID global_sid_S_1_5_20; -/* - * A list of the rids of well known BUILTIN and Domain users - * and groups. - */ - -rid_name builtin_alias_rids[] = -{ - { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, - { BUILTIN_ALIAS_RID_USERS , "Users" }, - { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, - { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, - - { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, - { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID users. */ -rid_name domain_user_rids[] = -{ - { DOMAIN_USER_RID_ADMIN , "Administrator" }, - { DOMAIN_USER_RID_GUEST , "Guest" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID groups. */ -rid_name domain_group_rids[] = -{ - { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, - { DOMAIN_GROUP_RID_USERS , "Domain Users" }, - { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, - { 0 , NULL } -}; - +extern rid_name builtin_alias_rids[]; +extern rid_name domain_user_rids[]; +extern rid_name domain_group_rids[]; int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) { @@ -117,13 +83,20 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) char *name = mem[count].name; become_root(True); - status = lookup_group_name(name, &sid, &type); + status = lookup_name(name, &sid, &type); unbecome_root(True); - sid_split_rid(&sid, &rid); - - if (status == 0x0 && sid_equal(&sid, &global_sam_sid)) + if (status == 0x0 && !sid_front_equal(&global_sam_sid, &sid)) + { + fstring sid_str; + sid_to_string(sid_str, &sid); + DEBUG(1,("make_dom_gids: unknown sid %s for groupname %s\n", + sid_str, name)); + } + else if (status == 0x0) { + sid_split_rid(&sid, &rid); + gids = (DOM_GID *)Realloc( gids, sizeof(DOM_GID) * (count+1) ); if (gids == NULL) @@ -141,7 +114,7 @@ int make_dom_gids(DOMAIN_GRP *mem, int num_members, DOM_GID **ppgids) } else { - DEBUG(1,("make_dom_gids: unknown group name %s\n", name)); + DEBUG(1,("make_dom_gids: unknown groupname %s\n", name)); } } @@ -428,7 +401,7 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type) if (disp_info != NULL) { - fstrcpy(user_name, disp_info->smb_name); + fstrcpy(user_name, disp_info->nt_name); DEBUG(5,(" = %s\n", user_name)); return 0x0; } @@ -442,14 +415,21 @@ uint32 lookup_user_sid(DOM_SID *sid, char *user_name, uint8 *type) /******************************************************************* lookup_group_rid ********************************************************************/ -uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type) +uint32 lookup_added_group_name(const char *grp_name, const char *domain, + DOM_SID *sid, uint8 *type) { DOMAIN_GRP *grp = NULL; (*type) = SID_NAME_DOM_GRP; - DEBUG(5,("lookup_group_name: name: %s", grp_name)); + DEBUG(5,("lookup_added_group_name: name: %s", grp_name)); - grp = getgroupnam(grp_name, NULL, NULL); + if (!strequal(domain, global_sam_name)) + { + DEBUG(5,(" not our domain\n")); + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + + grp = getgroupntnam(grp_name, NULL, NULL); if (grp != NULL) { @@ -465,45 +445,23 @@ uint32 lookup_group_name(char *grp_name, DOM_SID *sid, uint8 *type) } /******************************************************************* - lookup_wk_group_name - ********************************************************************/ -uint32 lookup_wk_group_name(char *group_name, DOM_SID *sid, uint8 *type) -{ - char *grp_name; - int i = -1; /* start do loop at -1 */ - uint32 rid; - (*type) = SID_NAME_WKN_GRP; - - do /* find, if it exists, a group rid for the group name */ - { - i++; - rid = domain_group_rids[i].rid; - grp_name = domain_group_rids[i].name; - - if (strequal(grp_name, group_name)) - { - sid_copy(sid, &global_sam_sid); - sid_append_rid(sid, rid); - - return 0x0; - } - - } while (grp_name != NULL); - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_name + lookup_added_alias_name ********************************************************************/ -uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type) +uint32 lookup_added_alias_name(const char *als_name, const char *domain, + DOM_SID *sid, uint8 *type) { LOCAL_GRP *als = NULL; (*type) = SID_NAME_ALIAS; - DEBUG(5,("lookup_alias_name: name: %s", als_name)); + DEBUG(5,("lookup_added_alias_name: name: %s\%s", domain, als_name)); - als = getaliasnam(als_name, NULL, NULL); + if (!strequal(domain, global_sam_name)) + { + DEBUG(5,(" not our domain\n")); + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + + als = getaliasntnam(als_name, NULL, NULL); if (als != NULL) { @@ -518,40 +476,10 @@ uint32 lookup_alias_name(char *als_name, DOM_SID *sid, uint8 *type) return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/******************************************************************* - lookup_wk_alias_name - ********************************************************************/ -uint32 lookup_wk_alias_name(char *alias_name, DOM_SID *sid, uint8 *type) -{ - char *als_name; - int i = 0; - uint32 rid; - (*type) = SID_NAME_ALIAS; - - do /* find, if it exists, a alias rid for the alias name*/ - { - rid = builtin_alias_rids[i].rid; - als_name = builtin_alias_rids[i].name; - - i++; - - if (strequal(als_name, alias_name)) - { - sid_copy(sid, &global_sid_S_1_5_20); - sid_append_rid(sid, rid); - - return 0x0; - } - - } while (als_name != NULL); - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - /******************************************************************* lookup_added_user_rid ********************************************************************/ -uint32 lookup_added_user_rids(char *user_name, +uint32 lookup_added_user_rids(char *nt_name, uint32 *usr_rid, uint32 *grp_rid) { struct sam_passwd *sam_pass; @@ -560,7 +488,7 @@ uint32 lookup_added_user_rids(char *user_name, /* find the user account */ become_root(True); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsam21pwntnam(nt_name); unbecome_root(True); if (sam_pass != NULL) @@ -576,14 +504,20 @@ uint32 lookup_added_user_rids(char *user_name, /******************************************************************* lookup_added_user_name ********************************************************************/ -uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type) +static uint32 lookup_added_user_name(const char *nt_name, const char *domain, + DOM_SID *sid, uint8 *type) { struct sam_passwd *sam_pass; (*type) = SID_NAME_USER; + if (!strequal(domain, global_sam_name)) + { + return 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + /* find the user account */ become_root(True); - sam_pass = getsam21pwnam(user_name); + sam_pass = getsam21pwntnam(nt_name); unbecome_root(True); if (sam_pass != NULL) @@ -597,67 +531,18 @@ uint32 lookup_added_user_name(char *user_name, DOM_SID *sid, uint8 *type) return 0xC0000000 | NT_STATUS_NONE_MAPPED; } -/******************************************************************* - lookup_wk_user_name - ********************************************************************/ -uint32 lookup_wk_user_name(char *user_name, DOM_SID *sid, uint8 *type) -{ - char *usr_name; - int i = -1; /* start do loop at -1 */ - (*type) = SID_NAME_USER; - - do /* find, if it exists, a alias rid for the alias name*/ - { - i++; - usr_name = domain_user_rids[i].name; - - } while (usr_name != NULL && !strequal(usr_name, user_name)); - - if (usr_name != NULL) - { - sid_copy(sid, &global_sid_S_1_5_20); - sid_append_rid(sid, domain_user_rids[i].rid); - return 0; - } - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_added_grp_name - ********************************************************************/ -uint32 lookup_added_grp_name(char *name, DOM_SID *sid, uint8 *type) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_group_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_alias_name(name, sid, type) : status; - - return status; -} - -/******************************************************************* - lookup_builtin_grp_name - ********************************************************************/ -uint32 lookup_builtin_grp_name(char *name, DOM_SID *sid, uint8 *type) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_wk_group_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_wk_alias_name(name, sid, type) : status; - - return status; -} - /******************************************************************* lookup_grp_name ********************************************************************/ -uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type) +static uint32 lookup_grp_name(const char *name, const char *domain, + DOM_SID *sid, uint8 *type) { uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - status = (status != 0x0) ? lookup_builtin_grp_name(name, sid, type) : status; - status = (status != 0x0) ? lookup_added_grp_name (name, sid, type) : status; + status = (status != 0x0) ? lookup_wk_group_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_builtin_alias_name(name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_group_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_alias_name (name, domain, sid, type) : status; return status; } @@ -665,12 +550,13 @@ uint32 lookup_grp_name(char *name, DOM_SID *sid, uint8 *type) /******************************************************************* lookup_user_name ********************************************************************/ -uint32 lookup_user_name(char *name, DOM_SID *sid, uint8 *type) +static uint32 lookup_user_name(const char *name, const char *domain, + DOM_SID *sid, uint8 *type) { uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - status = (status != 0x0) ? lookup_wk_user_name (name, sid, type) : status; - status = (status != 0x0) ? lookup_added_user_name(name, sid, type) : status; + status = (status != 0x0) ? lookup_wk_user_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_added_user_name(name, domain, sid, type) : status; return status; } @@ -692,66 +578,12 @@ uint32 lookup_name(char *name, DOM_SID *sid, uint8 *type) return status; } - status = (status != 0x0) ? lookup_wk_alias_name(user, sid, type) : status; - status = (status != 0x0) ? lookup_alias_name (user, sid, type) : status; - status = (status != 0x0) ? lookup_user_name (name, sid, type) : status; - status = (status != 0x0) ? lookup_grp_name (name, sid, type) : status; + status = (status != 0x0) ? lookup_user_name (name, domain, sid, type) : status; + status = (status != 0x0) ? lookup_grp_name (name, domain, sid, type) : status; #if 0 - status = (status != 0x0) ? lookup_domain_name (user, sid, type) : status; + status = (status != 0x0) ? lookup_domain_name (domain, sid, type) : status; #endif return status; } -/******************************************************************* - lookup_user_rids - ********************************************************************/ -uint32 lookup_user_rids(char *name, uint32 *usr_rid, uint32 *grp_rid) -{ - uint32 status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - uint8 type; - DOM_SID sid; - - /* - * try an ordinary user lookup - */ - - status = lookup_added_user_rids(name, usr_rid, grp_rid); - if (status == 0) - { - return status; - } - - /* - * hm. must be a well-known user, in a well-known group. - */ - - status = lookup_wk_user_name(name, &sid, &type); - sid_split_rid(&sid, usr_rid); - - if (status != 0 || type != SID_NAME_USER) - { - return status; /* ok, maybe not! */ - } - - if (type != SID_NAME_USER) - { - return 0xC0000000 | NT_STATUS_NONE_MAPPED; /* users only... */ - } - - /* - * ok, got the user rid: now try the group rid - */ - - status = lookup_builtin_grp_name(name, &sid, &type); - sid_split_rid(&sid, usr_rid); - - if (type == SID_NAME_DOM_GRP || - type == SID_NAME_ALIAS || - type == SID_NAME_WKN_GRP) - { - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - - return status; -} diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 7fbd43c38e..4f49735ca0 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -28,10 +28,9 @@ extern int DEBUGLEVEL; -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; /************************************************************************* make_net_r_req_chal: @@ -493,7 +492,7 @@ static void api_net_sam_logoff( uint16 vuid, net_login_interactive: *************************************************************************/ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, - struct smb_passwd *smb_pass, + struct sam_passwd *smb_pass, user_struct *vuser) { uint32 status = 0x0; @@ -543,7 +542,7 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct smb_passwd *smb_pass, + struct sam_passwd *smb_pass, user_struct *vuser) { DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", @@ -598,7 +597,7 @@ static void api_net_sam_logon( uint16 vuid, NET_USER_INFO_3 usr_info; uint32 status = 0x0; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; + struct sam_passwd *sam_pass = NULL; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; @@ -632,14 +631,14 @@ static void api_net_sam_logon( uint16 vuid, { uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", global_sam_name)); break; } case NET_LOGON_TYPE: { uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", global_sam_name)); break; } default: @@ -660,26 +659,16 @@ static void api_net_sam_logon( uint16 vuid, DEBUG(3,("User:[%s]\n", nt_username)); - /* - * Convert to a UNIX username. - */ - map_username(nt_username); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(nt_username, True); - become_root(True); - smb_pass = getsmbpwnam(nt_username); + sam_pass = getsam21pwntnam(nt_username); unbecome_root(True); - if (smb_pass == NULL) + if (sam_pass == NULL) { status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } - else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) && - IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)) + else if (IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_DISABLED) && + IS_BITS_CLR_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ)) { status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; } @@ -687,20 +676,20 @@ static void api_net_sam_logon( uint16 vuid, /* validate password - if required */ - if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))) + if (status == 0 && !(IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ))) { switch (q_l.sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: { /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, sam_pass, vuser); break; } case NET_LOGON_TYPE: { /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + status = net_login_network(&q_l.sam_id.ctr->auth.id2, sam_pass, vuser); break; } } @@ -715,88 +704,60 @@ static void api_net_sam_logon( uint16 vuid, if (status == 0) { - DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; DOMAIN_GRP *grp_mem; - uint32 r_uid; - uint32 r_gid; /* set up pointer indicating user/password failed to be found */ usr_info.ptr_user_info = 0; - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - pstrcpy(samlogon_user, nt_username); - - pstrcpy(logon_script, lp_logon_script()); - pstrcpy(profile_path, lp_logon_path()); - - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, lp_logon_drive()); - pstrcpy(home_dir, lp_logon_home()); - pstrcpy(my_name, global_myname); - strupper(my_name); - - status = lookup_user_rids(nt_username, &r_uid, &r_gid); - status = getusergroupsnam(nt_username, &grp_mem, &num_gids) ? 0 : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; - - sam_logon_in_ssb = False; + if (!getusergroupsntnam(nt_username, &grp_mem, &num_gids)) + { + status = 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; + } if (status == 0x0) { - gids = NULL; + DOM_GID *gids = NULL; num_gids = make_dom_gids(grp_mem, num_gids, &gids); make_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ + &sam_pass->logon_time, + &sam_pass->logoff_time, + &sam_pass->kickoff_time, + &sam_pass->pass_last_set_time, + &sam_pass->pass_can_change_time, + &sam_pass->pass_must_change_time, + + sam_pass->nt_name , /* user_name */ + sam_pass->full_name , /* full_name */ + sam_pass->logon_script , /* logon_script */ + sam_pass->profile_path , /* profile_path */ + sam_pass->home_dir , /* home_dir */ + sam_pass->dir_drive , /* dir_drive */ 0, /* logon_count */ 0, /* bad_pw_count */ - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ + sam_pass->user_rid , /* RID user_id */ + sam_pass->group_rid , /* RID group_id */ num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ NULL, /* char sess_key[16] */ - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ + global_myname , /* char *logon_srv */ + global_sam_name, /* char *logon_dom */ + &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ - } - /* Free any allocated groups array. */ - if (gids) - { - free((char *)gids); + /* Free any allocated groups array. */ + if (gids) + { + free((char *)gids); + } } + } net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index ff782a7248..fb613c3c51 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -28,8 +28,6 @@ extern int DEBUGLEVEL; -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern fstring global_sam_name; extern pstring global_myname; extern DOM_SID global_sam_sid; @@ -79,8 +77,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, continue; } - user_name_len = strlen(pwd->smb_name); - make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); + user_name_len = strlen(pwd->nt_name); + make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len); make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, user_name_len, 1); pw_buf[(*num_entries)].user_rid = pwd->user_rid; @@ -95,7 +93,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pwd->smb_name, + (*num_entries), pwd->nt_name, pwd->user_rid, pwd->acct_ctrl)); if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask)) @@ -401,7 +399,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS r_e; DOMAIN_GRP *grps = NULL; int num_entries = 0; - BOOL got_grps; + BOOL got_grps = False; DOM_SID sid; fstring sid_str; @@ -418,39 +416,29 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str)); - /* well-known groups */ - if (sid_equal(&sid, &global_sid_S_1_5_20)) + if (sid_equal(&sid, &global_sam_sid)) { - char *name; + BOOL ret; got_grps = True; - while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) - { - DOMAIN_GRP tmp_grp; - - fstrcpy(tmp_grp.name , name); - fstrcpy(tmp_grp.comment, ""); - tmp_grp.rid = domain_group_rids[num_entries].rid; - tmp_grp.attr = 0x7; + become_root(True); + ret = enumdomgroups(&grps, &num_entries); + unbecome_root(True); - if (!add_domain_group(&grps, &num_entries, &tmp_grp)) - { - r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; - break; - } + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; } } - else if (sid_equal(&sid, &global_sam_sid)) + + if (r_e.status == 0x0 && + (sid_equal(&sid, &global_sam_sid) || + sid_equal(&sid, &global_sid_S_1_5_20))) { - BOOL ret; char *name; int i = 0; got_grps = True; - become_root(True); - ret = enumdomgroups(&grps, &num_entries); - unbecome_root(True); - while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL)) { DOMAIN_GRP tmp_grp; @@ -468,11 +456,6 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, i++; } - - if (!ret) - { - r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; - } } if (r_e.status == 0 && got_grps) @@ -747,10 +730,10 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *rdata) { - uint32 rid[MAX_SAM_ENTRIES]; - uint32 status = 0; + uint32 status = 0; + + uint32 *rid = NULL; int num_rids = 0; - int i; struct sam_passwd *sam_pass; DOM_SID usr_sid; DOM_SID dom_sid; @@ -774,12 +757,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, sid_to_string(sam_sid_str, &global_sam_sid); } - if (num_rids > MAX_SAM_ENTRIES) - { - num_rids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids)); - } - if (status == 0x0) { usr_sid = q_u->sid[0].sid; @@ -811,17 +788,18 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, else if (sid_equal(&dom_sid, &usr_sid)) { LOCAL_GRP *mem_grp = NULL; + num_rids = 0; DEBUG(10,("lookup on Domain SID\n")); become_root(True); - getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids); + getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids); unbecome_root(True); - num_rids = MIN(num_rids, MAX_SAM_ENTRIES); - - if (mem_grp != NULL) + rid = malloc(num_rids * sizeof(uint32)); + if (mem_grp != NULL && rid != NULL) { + int i; for (i = 0; i < num_rids; i++) { rid[i] = mem_grp[i].rid; @@ -840,6 +818,11 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, /* store the response in the SMB stream */ samr_io_r_query_useraliases("", &r_u, rdata, 0); + if (rid != NULL) + { + free(rid); + } + DEBUG(5,("samr_query_useraliases: %d\n", __LINE__)); } @@ -1150,27 +1133,21 @@ static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata *************************************************************************/ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { - struct smb_passwd *smb_pass; - - if (!pwdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); - return False; - } + struct sam_passwd *sam_pass; become_root(True); - smb_pass = getsmbpwrid(user_rid); + sam_pass = getsam21pwrid(user_rid); unbecome_root(True); - if (smb_pass == NULL) + if (sam_pass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", smb_pass->smb_name)); + DEBUG(3,("User:[%s]\n", sam_pass->nt_name)); - make_sam_user_info10(id10, smb_pass->acct_ctrl); + make_sam_user_info10(id10, sam_pass->acct_ctrl); return True; } @@ -1180,17 +1157,10 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) *************************************************************************/ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { - NTTIME dummy_time; struct sam_passwd *sam_pass; LOGON_HRS hrs; int i; - if (!pwdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); - return False; - } - become_root(True); sam_pass = getsam21pwrid(user_rid); unbecome_root(True); @@ -1201,12 +1171,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) return False; } - DEBUG(3,("User:[%s]\n", sam_pass->smb_name)); - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n")); + DEBUG(3,("User:[%s]\n", sam_pass->nt_name)); /* create a LOGON_HRS structure */ hrs.len = sam_pass->hours_len; @@ -1218,14 +1183,14 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) make_sam_user_info21(id21, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ + &sam_pass->logon_time, + &sam_pass->logoff_time, + &sam_pass->kickoff_time, + &sam_pass->pass_last_set_time, + &sam_pass->pass_can_change_time, + &sam_pass->pass_must_change_time, - sam_pass->smb_name, /* user_name */ + sam_pass->nt_name, /* user_name */ sam_pass->full_name, /* full_name */ sam_pass->home_dir, /* home_dir */ sam_pass->dir_drive, /* dir_drive */ @@ -1238,13 +1203,13 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) sam_pass->user_rid, /* RID user_id */ sam_pass->group_rid, /* RID group_id */ - sam_pass->acct_ctrl, + sam_pass->acct_ctrl, - sam_pass->unknown_3, /* unknown_3 */ - sam_pass->logon_divs, /* divisions per week */ - &hrs, /* logon hours */ - sam_pass->unknown_5, - sam_pass->unknown_6); + sam_pass->unknown_3, /* unknown_3 */ + sam_pass->logon_divs, /* divisions per week */ + &hrs, /* logon hours */ + sam_pass->unknown_5, + sam_pass->unknown_6); return True; } @@ -1393,7 +1358,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, DOMAIN_GRP *mem_grp = NULL; become_root(True); - getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups); + getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups); unbecome_root(True); gids = NULL; @@ -1559,7 +1524,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat q_u.uni_mach_acct.uni_str_len)); become_root(True); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = getsam21pwntnam(mach_acct); unbecome_root(True); if (sam_pass != NULL) -- cgit