From a42afcdcc7ab9aa9ed193ae36d3dbb10843447f0 Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Thu, 15 Oct 1998 05:47:29 +0000
Subject: bug-fixing against: AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
---
 source3/rpc_server/srv_lsa.c | 42 ++++++++++++++
 source3/rpc_server/srv_pipe_hnd.c | 24 ++++++++
 source3/rpc_server/srv_samr.c | 115 +++++++++++++++++++++++++++++---------
 3 files changed, 154 insertions(+), 27 deletions(-)
(limited to 'source3/rpc_server')
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 2e5ebc9e68..93584b5acf 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -30,6 +30,28 @@ extern int DEBUGLEVEL;
 extern DOM_SID global_machine_sid;
+/***************************************************************************
+lsa_reply_open_policy2
+ ***************************************************************************/
+static void lsa_reply_open_policy2(prs_struct *rdata)
+{
+ int i;
+ LSA_R_OPEN_POL2 r_o;
+
+ ZERO_STRUCT(r_o);
+
+ /* set up the LSA QUERY INFO response */
+
+ for (i = 4; i < POL_HND_SIZE; i++)
+ {
+ r_o.pol.data[i] = i;
+ }
+ r_o.status = 0x0;
+
+ /* store the response in the SMB stream */
+ lsa_io_r_open_pol2("", &r_o, rdata, 0);
+}
+
 /***************************************************************************
 lsa_reply_open_policy
 ***************************************************************************/
@@ -279,6 +301,25 @@ static void lsa_reply_lookup_rids(prs_struct *rdata,
 lsa_io_r_lookup_rids("", &r_l, rdata, 0);
 }
+/***************************************************************************
+api_lsa_open_policy
+ ***************************************************************************/
+static void api_lsa_open_policy2( uint16 vuid, prs_struct *data,
+ prs_struct *rdata )
+{
+ LSA_Q_OPEN_POL2 q_o;
+
+ ZERO_STRUCT(q_o);
+
+ /* grab the server, object attributes and desired access flag...*/
+ lsa_io_q_open_pol2("", &q_o, data, 0);
+
+ /* lkclXXXX having decoded it, ignore all fields in the open policy! */
+
+ /* return a 20 byte policy handle */
+ lsa_reply_open_policy2(rdata);
+}
+
 /***************************************************************************
 api_lsa_open_policy
 ***************************************************************************/
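Review bot: The handle built in `lsa_reply_open_policy2` is a constant: `ZERO_STRUCT(r_o)` leaves bytes 0-3 zero and the loop `r_o.pol.data[i] = i` fills the rest with their own index, so every caller gets the same value and the server keeps no record of having issued it. Later LSA requests then have no way to tell a handle this function returned from one a client simply constructed. The SAMR code added further down in this commit allocates its handle with `open_lsa_policy_hnd(&(r_u.connect_pol))`; if that helper is reachable from srv_lsa.c, the same pattern fits here: `if (!open_lsa_policy_hnd(&r_o.pol)) r_o.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;`. The comment `/* set up the LSA QUERY INFO response */` also appears to be copied from another function and should name the open-policy2 response.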
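Review bot: `api_lsa_open_policy2` replies with success without consulting anything the client sent: `q_o` is decoded and then discarded, `vuid` is never read, and whatever `lsa_io_q_open_pol2` reports about the decode (its declaration is outside this hunk) is not checked, so a truncated or malformed request is answered exactly like a valid one. The decode outcome should gate the reply, and the comment should state that no access check is made, e.g. `/* NOTE: desired access and vuid are not checked; any caller on the pipe gets a handle */`. The banner above the function still reads `api_lsa_open_policy` and should be `api_lsa_open_policy2`.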
@@ -513,6 +554,7 @@ static void api_lsa_open_secret( uint16 vuid, prs_struct *data,
 ***************************************************************************/
 static struct api_struct api_lsa_cmds[] =
 {
+ { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
 { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
 { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
 { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 4d5fd3865e..b1aede6166 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -123,6 +123,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 p->open = True;
 p->device_state = 0;
+ p->priority = 0;
 p->conn = conn;
 p->vuid = vuid;
@@ -300,6 +301,29 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
 }
+/****************************************************************************
+ wait device state on a pipe. exactly what this is for is unknown...
+****************************************************************************/
+BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
+{
+ if (p == NULL) return False;
+
+ if (p->open)
+ {
+ DEBUG(3,("%s Setting pipe wait state priority=%x on pipe (name=%s)\n",
+ timestring(), priority, p->name));
+
+ p->priority = priority;
+
+ return True;
+ }
+
+ DEBUG(3,("%s Error setting pipe wait state priority=%x (name=%s)\n",
+ timestring(), priority, p->name));
+ return False;
+}
+
+
 /****************************************************************************
 set device state on a pipe. exactly what this is for is unknown...
 ****************************************************************************/
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 22827f9f5c..11574be9b3 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
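Review bot: In srv_pipe_hnd.c, `wait_rpc_pipe_hnd_state` copies the caller's `priority` into `p->priority` with no range check, and nothing in this patch reads the field back, so neither the accepted values nor the effect of the call is documented. The header comment is carried over from the set-device-state function below ("exactly what this is for is unknown"); going by the commit message this serves the Win95 WaitNamedPipeState request, and the comment should say so, e.g. `records the priority sent with a WaitNamedPipeState request (seen from Win95 clients); the value is stored and not otherwise acted on`. The failure branch prints `p->name` for a pipe whose `open` flag is false, so it is worth confirming the name is still valid in that state.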
@@ -78,7 +78,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
 pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
 DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
- (*num_entries), pwd->smb_name, pwd->user_rid, pwd->acct_ctrl));
+ (*num_entries), pwd->smb_name,
+ pwd->user_rid, pwd->acct_ctrl));
 if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
 {
@@ -451,49 +452,55 @@ static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u, SAM_INFO_1 info1; SAM_INFO_2 info2; SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; - int total_entries; + int num_entries = 0; + int total_entries = 0; BOOL got_pwds; uint16 switch_level = 0x0; + ZERO_STRUCT(r_e); + r_e.status = 0x0; + DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__)); + /* find the policy handle. open a policy on it. */ if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n")); } - DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__)); - - become_root(True); - got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0); - unbecome_root(True); - - switch (q_u->switch_level) + if (r_e.status == 0x0) { - case 0x1: + become_root(True); + got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0); + unbecome_root(True); + + switch (q_u->switch_level) { - - /* query disp info is for users */ - switch_level = 0x1; - make_sam_info_1(&info1, ACB_NORMAL, - q_u->start_idx, num_entries, pass); + case 0x1: + { + + /* query disp info is for users */ + switch_level = 0x1; + make_sam_info_1(&info1, ACB_NORMAL, + q_u->start_idx, num_entries, pass); - ctr.sam.info1 = &info1; + ctr.sam.info1 = &info1; - break; - } - case 0x2: - { - /* query disp info is for servers */ - switch_level = 0x2; - make_sam_info_2(&info2, ACB_WSTRUST, - q_u->start_idx, num_entries, pass); + break; + } + case 0x2: + { + /* query disp info is for servers */ + switch_level = 0x2; + make_sam_info_2(&info2, ACB_WSTRUST, + q_u->start_idx, num_entries, pass); - ctr.sam.info2 = &info2; + ctr.sam.info2 = &info2; - break; + break; + } } } 
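Review bot: The `switch (q_u->switch_level)` inside the new `if (r_e.status == 0x0)` block has no `default:` case, so a client-chosen level other than 0x1 or 0x2 leaves `switch_level` at 0 and `ctr.sam` unset while `r_e.status` still reports success. Only `r_e` receives the new `ZERO_STRUCT`; `ctr` is not initialised anywhere in this hunk, so the reply code that follows the hunk may be working on stack contents in that case. Adding `default: r_e.status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; break;` (assuming that status is defined in this tree's nterr.h) and `ZERO_STRUCT(ctr);` beside `ZERO_STRUCT(r_e);` would close it. `got_pwds` is assigned but not tested in the visible lines, and `q_u->start_idx` reaches `make_sam_info_1`/`make_sam_info_2` with no visible bound against `num_entries`; the function continues past the hunk, so both may be handled there.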
@@ -1169,6 +1176,59 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
 }
+/*******************************************************************
+ samr_reply_connect_anon
+ ********************************************************************/
+static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
+ prs_struct *rdata)
+{
+ SAMR_R_CONNECT_ANON r_u;
+ BOOL pol_open = False;
+
+ /* set up the SAMR connect_anon response */
+
+ r_u.status = 0x0;
+ /* get a (unique) handle. open a policy on it. */
+ if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol))))
+ {
+ r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ /* associate the domain SID with the (unique) handle. */
+ if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0))
+ {
+ /* oh, whoops. don't know what error message to return, here */
+ r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ if (r_u.status != 0 && pol_open)
+ {
+ close_lsa_policy_hnd(&(r_u.connect_pol));
+ }
+
+ DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
+
+ /* store the response in the SMB stream */
+ samr_io_r_connect_anon("", &r_u, rdata, 0);
+
+ DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_connect_anon
+ ********************************************************************/
+static void api_samr_connect_anon( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+ SAMR_Q_CONNECT_ANON q_u;
+
+ /* grab the samr open policy */
+ samr_io_q_connect_anon("", &q_u, data, 0);
+
+ /* construct reply. always indicate success */
+ samr_reply_connect_anon(&q_u, rdata);
+}
+
 /*******************************************************************
 samr_reply_connect
 ********************************************************************/
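Review bot: `r_u` in `samr_reply_connect_anon` is never cleared, so when `open_lsa_policy_hnd` fails the untouched `r_u.connect_pol` is still handed to `samr_io_r_connect_anon` and the reply can carry whatever was on the stack. This commit adds `ZERO_STRUCT(r_e);` to `samr_reply_query_dispinfo` for the same class of problem; the new function needs `ZERO_STRUCT(r_u);` before `r_u.status = 0x0;`, and `api_samr_connect_anon` needs `ZERO_STRUCT(q_u);` before `samr_io_q_connect_anon`, because `q_u->unknown_0` is used afterwards whether or not the request decoded. On the second failure path the handle is closed with `close_lsa_policy_hnd` and then still passed to the marshalling call, so its bytes should be zeroed after the close. The comment `/* associate the domain SID with the (unique) handle. */` does not match the call beneath it, which stores `q_u->unknown_0` through `set_lsa_policy_samr_pol_status`.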
@@ -1283,6 +1343,7 @@ static struct api_struct api_samr_cmds [] =
 {
 { "SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd },
 { "SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect },
+ { "SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
 { "SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
 { "SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
 { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
-- cgit