From da3053048c3d224a20d6383ac6682d31059cd46c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 11 Mar 2001 00:32:10 +0000 Subject: Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549) --- source3/rpc_server/srv_lsa.c | 3 - source3/rpc_server/srv_lsa_hnd.c | 274 ++-- source3/rpc_server/srv_lsa_nt.c | 27 +- source3/rpc_server/srv_netlog.c | 835 ++---------- source3/rpc_server/srv_netlog_nt.c | 184 +-- source3/rpc_server/srv_pipe.c | 71 +- source3/rpc_server/srv_pipe_hnd.c | 61 +- source3/rpc_server/srv_reg.c | 2 - source3/rpc_server/srv_reg_nt.c | 35 +- source3/rpc_server/srv_samr.c | 2566 +++++++++-------------------------- source3/rpc_server/srv_samr_nt.c | 672 +++++---- source3/rpc_server/srv_spoolss.c | 9 +- source3/rpc_server/srv_spoolss_nt.c | 434 +++--- source3/rpc_server/srv_srvsvc.c | 3 - source3/rpc_server/srv_srvsvc_nt.c | 5 +- source3/rpc_server/srv_util.c | 51 +- source3/rpc_server/srv_wkssvc.c | 3 - source3/rpc_server/srv_wkssvc_nt.c | 2 - 18 files changed, 1497 insertions(+), 3740 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 3b6725ec3a..b6a8c745a4 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -293,5 +292,3 @@ BOOL api_ntlsa_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_ntlsa_rpc", api_lsa_cmds); } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index 10b9bef1be..bcc3878d86 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c 
@@ -1,11 +1,10 @@
-#define OLD_NTDOMAIN 1
-
 /*
 * Unix SMB/Netbios implementation.
 * Version 1.9.
 * RPC Pipe client / server routines
 * Copyright (C) Andrew Tridgell 1992-1997,
 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
+ * Copyright (C) Jeremy Allison 2001.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -26,266 +25,145 @@ extern int DEBUGLEVEL; +/* This is the max handles per pipe. */ #ifndef MAX_OPEN_POLS -#define MAX_OPEN_POLS 2048 +#define MAX_OPEN_POLS 256 #endif -struct reg_info -{ - /* for use by \PIPE\winreg */ - fstring name; /* name of registry key */ -}; - -struct samr_info -{ - /* for use by the \PIPE\samr policy */ - DOM_SID sid; - uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */ -}; - -static struct policy -{ - struct policy *next, *prev; - int pnum; - BOOL open; - POLICY_HND pol_hnd; - - union { - struct samr_info samr; - struct reg_info reg; - } dev; -} *Policy; - -static struct bitmap *bmap; - -static uint32 pol_hnd_low = 0; -static uint32 pol_hnd_high = 0; - -/******************************************************************* - Creates a POLICY_HND structure. -********************************************************************/ - -void create_policy_handle(POLICY_HND *hnd, uint32 *hnd_low, uint32 *hnd_high) -{ - if (hnd == NULL) return; - - (*hnd_low)++; - if (*hnd_low == 0) (*hnd_high)++; - - ZERO_STRUCTP(hnd); - - SIVAL(&hnd->data1, 0 , 0); /* first bit must be null */ - SIVAL(&hnd->data2, 0 , *hnd_low ); /* second bit is incrementing */ - SSVAL(&hnd->data3, 0 , *hnd_high); /* second bit is incrementing */ - SSVAL(&hnd->data4, 0 , (*hnd_high>>16)); /* second bit is incrementing */ - SIVAL(hnd->data5, 0, time(NULL)); /* something random */ - SIVAL(hnd->data5, 4, sys_getpid()); /* something more random */ -} - /**************************************************************************** initialise policy handle states... 
****************************************************************************/ -void init_lsa_policy_hnd(void) + +void init_pipe_handles(pipes_struct *p) { - bmap = bitmap_allocate(MAX_OPEN_POLS); - if (!bmap) { - exit_server("out of memory in init_lsa_policy_hnd\n"); - } + p->pipe_handles.Policy = NULL; + p->pipe_handles.count = 0; } /**************************************************************************** find first available policy slot. creates a policy handle for you. ****************************************************************************/ -BOOL open_lsa_policy_hnd(POLICY_HND *hnd) + +BOOL create_policy_hnd(pipes_struct *p, POLICY_HND *hnd, void (*free_fn)(void *), void *data_ptr) { - int i; - struct policy *p; + static uint32 pol_hnd_low = 0; + static uint32 pol_hnd_high = 0; - i = bitmap_find(bmap, 1); + struct policy *pol; - if (i == -1) { - DEBUG(0,("ERROR: out of Policy Handles!\n")); + if (p->pipe_handles.count > MAX_OPEN_POLS) { + DEBUG(0,("create_policy_hnd: ERROR: too many handles (%d) on this pipe.\n", (int)p->pipe_handles.count)); return False; } - p = (struct policy *)malloc(sizeof(*p)); - if (!p) { - DEBUG(0,("ERROR: out of memory!\n")); + pol = (struct policy *)malloc(sizeof(*p)); + if (!pol) { + DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n")); return False; } - ZERO_STRUCTP(p); + ZERO_STRUCTP(pol); + + pol->p = p; + pol->data_ptr = data_ptr; + pol->free_fn = free_fn; - p->open = True; - p->pnum = i; + pol_hnd_low++; + if (pol_hnd_low == 0) (pol_hnd_high)++; - create_policy_handle(hnd, &pol_hnd_low, &pol_hnd_high); - p->pol_hnd = *hnd; + SIVAL(&pol->pol_hnd.data1, 0 , 0); /* first bit must be null */ + SIVAL(&pol->pol_hnd.data2, 0 , pol_hnd_low ); /* second bit is incrementing */ + SSVAL(&pol->pol_hnd.data3, 0 , pol_hnd_high); /* second bit is incrementing */ + SSVAL(&pol->pol_hnd.data4, 0 , (pol_hnd_high>>16)); /* second bit is incrementing */ + SIVAL(pol->pol_hnd.data5, 0, time(NULL)); /* something random */ + 
SIVAL(pol->pol_hnd.data5, 4, sys_getpid()); /* something more random */ - bitmap_set(bmap, i); + DLIST_ADD(p->pipe_handles.Policy, pol); + p->pipe_handles.count++; - DLIST_ADD(Policy, p); + *hnd = pol->pol_hnd; - DEBUG(4,("Opened policy hnd[%x] ", i)); - dump_data(4, (char *)hnd, sizeof(hnd)); + DEBUG(4,("Opened policy hnd[%d] ", (int)p->pipe_handles.count)); + dump_data(4, (char *)hnd, sizeof(*hnd)); return True; } /**************************************************************************** - find policy by handle + find policy by handle - internal version. ****************************************************************************/ -static struct policy *find_lsa_policy(POLICY_HND *hnd) -{ - struct policy *p; - for (p=Policy;p;p=p->next) { - if (memcmp(&p->pol_hnd, hnd, sizeof(*hnd)) == 0) { - DEBUG(4,("Found policy hnd[%x] ", p->pnum)); - dump_data(4, (char *)hnd, sizeof(hnd)); - return p; +static struct policy *find_policy_by_hnd_internal(pipes_struct *p, POLICY_HND *hnd, void **data_p) +{ + struct policy *pol; + size_t i; + + if (data_p) + *data_p = NULL; + + for (i = 0, pol=p->pipe_handles.Policy;pol;pol=pol->next, i++) { + if (memcmp(&pol->pol_hnd, hnd, sizeof(*hnd)) == 0) { + DEBUG(4,("Found policy hnd[%d] ", (int)i)); + dump_data(4, (char *)hnd, sizeof(*hnd)); + if (data_p) + *data_p = pol->data_ptr; + return pol; } } DEBUG(4,("Policy not found: ")); - dump_data(4, (char *)hnd, sizeof(hnd)); + dump_data(4, (char *)hnd, sizeof(*hnd)); return NULL; } /**************************************************************************** - find policy index by handle + find policy by handle ****************************************************************************/ -int find_lsa_policy_by_hnd(POLICY_HND *hnd) -{ - struct policy *p = find_lsa_policy(hnd); - return p?p->pnum:-1; -} - - -/**************************************************************************** - set samr pol status. absolutely no idea what this is. 
-****************************************************************************/ -BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status) +BOOL find_policy_by_hnd(pipes_struct *p, POLICY_HND *hnd, void **data_p) { - struct policy *p = find_lsa_policy(hnd); - - if (p && p->open) { - DEBUG(3,("Setting policy status=%x pnum=%x\n", - pol_status, p->pnum)); - - p->dev.samr.status = pol_status; - return True; - } - - DEBUG(3,("Error setting policy status=%x\n", - pol_status)); - return False; + return find_policy_by_hnd_internal(p, hnd, data_p) == NULL ? False : True; } /**************************************************************************** - set samr sid + Close a policy. ****************************************************************************/ -BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) -{ - fstring sidstr; - struct policy *p = find_lsa_policy(hnd); - if (p && p->open) { - DEBUG(3,("Setting policy sid=%s pnum=%x\n", - sid_to_string(sidstr, sid), p->pnum)); - - memcpy(&p->dev.samr.sid, sid, sizeof(*sid)); - return True; - } - - DEBUG(3,("Error setting policy sid=%s\n", - sid_to_string(sidstr, sid))); - return False; -} - -/**************************************************************************** - get samr sid -****************************************************************************/ -BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) +BOOL close_policy_hnd(pipes_struct *p, POLICY_HND *hnd) { - struct policy *p = find_lsa_policy(hnd); + struct policy *pol = find_policy_by_hnd_internal(p, hnd, NULL); - if (p != NULL && p->open) { - fstring sidstr; - memcpy(sid, &p->dev.samr.sid, sizeof(*sid)); - DEBUG(3,("Getting policy sid=%s pnum=%x\n", - sid_to_string(sidstr, sid), p->pnum)); - - return True; + if (!pol) { + DEBUG(3,("Error closing policy\n")); + return False; } - DEBUG(3,("Error getting policy\n")); - return False; -} + DEBUG(3,("Closed policy\n")); 
-/**************************************************************************** - get samr rid -****************************************************************************/ -uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd) -{ - struct policy *p = find_lsa_policy(hnd); + if (pol->free_fn && pol->data_ptr) + (*pol->free_fn)(pol->data_ptr); - if (p && p->open) { - uint32 rid = p->dev.samr.sid.sub_auths[p->dev.samr.sid.num_auths-1]; - DEBUG(3,("Getting policy device rid=%x pnum=%x\n", - rid, p->pnum)); + pol->p->pipe_handles.count--; - return rid; - } + DLIST_REMOVE(pol->p->pipe_handles.Policy, pol); - DEBUG(3,("Error getting policy\n")); - return 0xffffffff; -} + ZERO_STRUCTP(pol); -/**************************************************************************** - set reg name -****************************************************************************/ -BOOL set_lsa_policy_reg_name(POLICY_HND *hnd, fstring name) -{ - struct policy *p = find_lsa_policy(hnd); - - if (p && p->open) { - DEBUG(3,("Setting policy pnum=%x name=%s\n", - p->pnum, name)); + free(pol); - fstrcpy(p->dev.reg.name, name); - return True; - } - - DEBUG(3,("Error setting policy name=%s\n", name)); - return False; + return True; } /**************************************************************************** - close an lsa policy + Close all the pipe handles. ****************************************************************************/ -BOOL close_lsa_policy_hnd(POLICY_HND *hnd) -{ - struct policy *p = find_lsa_policy(hnd); - if (!p) { - DEBUG(3,("Error closing policy\n")); - return False; - } - - DEBUG(3,("Closed policy name pnum=%x\n", p->pnum)); - - DLIST_REMOVE(Policy, p); - - bitmap_clear(bmap, p->pnum); - - ZERO_STRUCTP(p); - - free(p); +void close_policy_by_pipe(pipes_struct *p) +{ + while (p->pipe_handles.Policy) + close_policy_hnd(p, &p->pipe_handles.Policy->pol_hnd); - return True; + p->pipe_handles.Policy = NULL; + p->pipe_handles.count = 0; } - -#undef OLD_NTDOMAIN 
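Review bot: In create_policy_hnd the allocation `malloc(sizeof(*p))` takes its size from `p`, which in the new code is the `pipes_struct *` argument and no longer the policy pointer, while `ZERO_STRUCTP(pol)` and every later store treat the block as a `struct policy`. It should read `pol = (struct policy *)malloc(sizeof(*pol));`; as written the writes stay in bounds only if pipes_struct happens to be at least as large as struct policy, and neither definition is visible in this hunk. The limit test just above uses `>`, so a pipe can hold MAX_OPEN_POLS + 1 handles before the check trips; `if (p->pipe_handles.count >= MAX_OPEN_POLS)` would match the "max handles per pipe" comment on the constant. The handle bytes are still built from a counter, `time(NULL)` and the pid despite the "something random" comments, so the per-pipe lookup in find_policy_by_hnd_internal is what keeps a guessed handle from being useful and is worth stating in the function header.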
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index ee2f38b715..8e1d934309 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -275,9 +274,6 @@ static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, r_l->status = NT_STATUS_NO_PROBLEMO; } -static uint32 lsa_hnd_low = 0; -static uint32 lsa_hnd_high = 0; - /*************************************************************************** _lsa_open_policy2. ***************************************************************************/ @@ -287,7 +283,8 @@ uint32 _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL2 /* lkclXXXX having decoded it, ignore all fields in the open policy! */ /* set up the LSA QUERY INFO response */ - create_policy_handle(&r_u->pol, &lsa_hnd_low, &lsa_hnd_high); + if (!create_policy_hnd(p, &r_u->pol, NULL, NULL)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; return NT_STATUS_NOPROBLEMO; } @@ -301,7 +298,8 @@ uint32 _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *r_ /* lkclXXXX having decoded it, ignore all fields in the open policy! */ /* set up the LSA QUERY INFO response */ - create_policy_handle(&r_u->pol, &lsa_hnd_low, &lsa_hnd_high); + if (!create_policy_hnd(p, &r_u->pol, NULL, NULL)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; return NT_STATUS_NOPROBLEMO; } @@ -316,6 +314,9 @@ uint32 _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENU char *dom_name = NULL; DOM_SID *dom_sid = NULL; + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + /* set up the LSA QUERY INFO response */ init_r_enum_trust_dom(r_u, enum_context, dom_name, dom_sid, dom_name != NULL ? NT_STATUS_NO_PROBLEMO : NT_STATUS_UNABLE_TO_FREE_VM); 
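Review bot: The failure path added to _lsa_open_policy2, `return NT_STATUS_OBJECT_NAME_NOT_FOUND;`, reports a missing object when create_policy_hnd can only fail on the per-pipe handle limit or on malloc, so a client hitting the limit gets a misleading status; `return NT_STATUS_NO_MEMORY;` would describe the resource failure more honestly. The same line appears in _lsa_open_policy in the next hunk. Both calls pass `NULL, NULL` for free_fn and data_ptr, so the handle records nothing about the open request, and the `find_policy_by_hnd` checks added further down can confirm only that a handle exists on this pipe; a short comment saying so next to the existing "ignore all fields" remark would keep readers from assuming an access check.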
@@ -336,6 +337,9 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO r_u->status = NT_STATUS_NO_PROBLEMO; + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + switch (q_u->info_class) { case 0x02: { @@ -420,6 +424,9 @@ uint32 _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SI LSA_TRANS_NAME_ENUM *names = NULL; uint32 mapped_count = 0; + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF)); names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM)); @@ -445,6 +452,9 @@ uint32 _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_N DOM_RID2 *rids; uint32 mapped_count = 0; + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF)); rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*MAX_LOOKUP_SIDS); @@ -464,6 +474,10 @@ uint32 _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_N uint32 _lsa_close(pipes_struct *p, LSA_Q_CLOSE *q_u, LSA_R_CLOSE *r_u) { + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + + close_policy_hnd(p, &q_u->pol); return NT_STATUS_NO_PROBLEMO; } @@ -475,4 +489,3 @@ uint32 _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECR { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 8e2b3819cb..01d646bf57 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. 
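Review bot: In _lsa_close the handle list is walked twice and the result of `close_policy_hnd` is discarded, because the preceding `find_policy_by_hnd` test already guarantees the entry exists. Since close_policy_hnd returns False when the handle is unknown, the two statements can collapse into `if (!close_policy_hnd(p, &q_u->pol)) return NT_STATUS_INVALID_HANDLE;`, which also keeps the status tied to the call that actually frees the entry. Whether the reply handle in r_u should be cleared on success is not visible from this hunk.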
@@ -6,7 +5,7 @@
 * Copyright (C) Andrew Tridgell 1992-1997,
 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
 * Copyright (C) Paul Ashton 1997.
- * Copyright (C) Jeremy Allison 1998.
+ * Copyright (C) Jeremy Allison 1998-2001.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -23,344 +22,39 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +/* This is the interface to the netlogon pipe. */ + #include "includes.h" extern int DEBUGLEVEL; -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; -extern pstring global_myname; -extern DOM_SID global_sam_sid; - -/************************************************************************* - init_net_r_req_chal: - *************************************************************************/ - -static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c, - DOM_CHAL *srv_chal, int status) -{ - DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__)); - memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data)); - r_c->status = status; -} - -/************************************************************************* - net_reply_req_chal: - *************************************************************************/ - -static BOOL net_reply_req_chal(NET_Q_REQ_CHAL *q_c, prs_struct *rdata, - DOM_CHAL *srv_chal, uint32 srv_time) -{ - NET_R_REQ_CHAL r_c; - - DEBUG(6,("net_reply_req_chal: %d\n", __LINE__)); - - /* set up the LSA REQUEST CHALLENGE response */ - init_net_r_req_chal(&r_c, srv_chal, srv_time); - - /* store the response in the SMB stream */ - if(!net_io_r_req_chal("", &r_c, rdata, 0)) { - DEBUG(0,("net_reply_req_chal: Failed to marshall NET_R_REQ_CHAL.\n")); - return False; - } - - DEBUG(6,("net_reply_req_chal: %d\n", __LINE__)); - - return True; -} - -/************************************************************************* - net_reply_logon_ctrl2: - *************************************************************************/ - -static BOOL net_reply_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, prs_struct *rdata, - uint32 flags, uint32 pdc_status, uint32 logon_attempts, - uint32 tc_status, char *trust_domain_name) -{ - NET_R_LOGON_CTRL2 r_l; - - DEBUG(6,("net_reply_logon_ctrl2: %d\n", __LINE__)); - - /* set up the Logon Control2 response */ - init_r_logon_ctrl2(&r_l, q_l->query_level, - 
flags, pdc_status, logon_attempts, - tc_status, trust_domain_name); - - /* store the response in the SMB stream */ - if(!net_io_r_logon_ctrl2("", &r_l, rdata, 0)) { - DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n")); - return False; - } - - DEBUG(6,("net_reply_logon_ctrl2: %d\n", __LINE__)); - - return True; -} - -/************************************************************************* - net_reply_trust_dom_list: - *************************************************************************/ - -static BOOL net_reply_trust_dom_list(NET_Q_TRUST_DOM_LIST *q_t, prs_struct *rdata, - uint32 num_trust_domains, char *trust_domain_name) -{ - NET_R_TRUST_DOM_LIST r_t; - - DEBUG(6,("net_reply_trust_dom_list: %d\n", __LINE__)); - - /* set up the Trusted Domain List response */ - init_r_trust_dom(&r_t, num_trust_domains, trust_domain_name); - - /* store the response in the SMB stream */ - if(!net_io_r_trust_dom("", &r_t, rdata, 0)) { - DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n")); - return False; - } - - DEBUG(6,("net_reply_trust_dom_listlogon_ctrl2: %d\n", __LINE__)); - - return True; -} - -/************************************************************************* - init_net_r_auth_2: - *************************************************************************/ - -static void init_net_r_auth_2(NET_R_AUTH_2 *r_a, - DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status) -{ - memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data)); - memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs)); - r_a->status = status; -} - -/************************************************************************ - net_reply_auth_2: - *************************************************************************/ - -static BOOL net_reply_auth_2(NET_Q_AUTH_2 *q_a, prs_struct *rdata, - DOM_CHAL *resp_cred, int status) -{ - NET_R_AUTH_2 r_a; - NEG_FLAGS srv_flgs; - - srv_flgs.neg_flags = 0x000001ff; - - /* set up the LSA AUTH 2 response */ - - 
init_net_r_auth_2(&r_a, resp_cred, &srv_flgs, status); - - /* store the response in the SMB stream */ - if(!net_io_r_auth_2("", &r_a, rdata, 0)) { - DEBUG(0,("net_reply_auth_2: Failed to marshall NET_R_AUTH_2.\n")); - return False; - } - - return True; -} - -/*********************************************************************************** - init_net_r_srv_pwset: - ***********************************************************************************/ - -static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, - DOM_CRED *srv_cred, int status) -{ - DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); - - memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred)); - r_s->status = status; - - DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); -} - -/************************************************************************* - net_reply_srv_pwset: - *************************************************************************/ - -static BOOL net_reply_srv_pwset(NET_Q_SRV_PWSET *q_s, prs_struct *rdata, - DOM_CRED *srv_cred, int status) -{ - NET_R_SRV_PWSET r_s; - - DEBUG(5,("net_srv_pwset: %d\n", __LINE__)); - - /* set up the LSA Server Password Set response */ - init_net_r_srv_pwset(&r_s, srv_cred, status); - - /* store the response in the SMB stream */ - if(!net_io_r_srv_pwset("", &r_s, rdata, 0)) { - DEBUG(0,("net_reply_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n")); - return False; - } - - DEBUG(5,("net_srv_pwset: %d\n", __LINE__)); - - return True; -} - -/************************************************************************* - net_reply_sam_logon: - *************************************************************************/ - -static BOOL net_reply_sam_logon(NET_Q_SAM_LOGON *q_s, prs_struct *rdata, - DOM_CRED *srv_cred, NET_USER_INFO_3 *user_info, - uint32 status) -{ - NET_R_SAM_LOGON r_s; - - /* XXXX maybe we want to say 'no', reject the client's credentials */ - r_s.buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_s.srv_creds, srv_cred, 
sizeof(r_s.srv_creds)); - - /* store the user information, if there is any. */ - r_s.user = user_info; - if (status == 0x0 && user_info != NULL && user_info->ptr_user_info != 0) - r_s.switch_value = 3; /* indicates type of validation user info */ - else - r_s.switch_value = 0; /* indicates no info */ - - r_s.status = status; - r_s.auth_resp = 1; /* authoritative response */ - - /* store the response in the SMB stream */ - if(!net_io_r_sam_logon("", &r_s, rdata, 0)) { - DEBUG(0,("net_reply_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n")); - return False; - } - - return True; -} - - -/************************************************************************* - net_reply_sam_logoff: - *************************************************************************/ - -static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata, - DOM_CRED *srv_cred, - uint32 status) -{ - NET_R_SAM_LOGOFF r_s; - - /* XXXX maybe we want to say 'no', reject the client's credentials */ - r_s.buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_s.srv_creds, srv_cred, sizeof(r_s.srv_creds)); - - r_s.status = status; - - /* store the response in the SMB stream */ - if(!net_io_r_sam_logoff("", &r_s, rdata, 0)) { - DEBUG(0,("net_reply_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n")); - return False; - } - - return True; -} - -/****************************************************************** - gets a machine password entry. checks access rights of the host. - ******************************************************************/ - -static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct) -{ - SAM_ACCOUNT *sampass = NULL; - BYTE *pass = NULL; - -#if 0 - /* - * Currently this code is redundent as we already have a filter - * by hostname list. What this code really needs to do is to - * get a hosts allowed/hosts denied list from the SAM database - * on a per user basis, and make the access decision there. 
- * I will leave this code here for now as a reminder to implement - * this at a later date. JRA. - */ - - if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(), - client_name(), client_addr())) - { - DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct)); - return False; - } -#endif /* 0 */ - - become_root(); - sampass = pdb_getsampwnam(mach_acct); - unbecome_root(); - - if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && - ((pass=pdb_get_nt_passwd(sampass)) != NULL)) - { - memcpy(md4pw, pass, 16); - dump_data(5, md4pw, 16); - - return True; - } - DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); - return False; -} - /************************************************************************* api_net_req_chal: *************************************************************************/ static BOOL api_net_req_chal(pipes_struct *p) { - NET_Q_REQ_CHAL q_r; - uint32 status = 0x0; - uint16 vuid = p->vuid; + NET_Q_REQ_CHAL q_u; + NET_R_REQ_CHAL r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - fstring mach_acct; - fstring mach_name; - - user_struct *vuser; - - DEBUG(5,("api_net_req_chal(%d): vuid %d\n", __LINE__, (int)vuid)); - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); /* grab the challenge... 
*/ - if(!net_io_q_req_chal("", &q_r, data, 0)) { + if(!net_io_q_req_chal("", &q_u, data, 0)) { DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n")); return False; } - fstrcpy(mach_acct, dos_unistrn2(q_r.uni_logon_clnt.buffer, - q_r.uni_logon_clnt.uni_str_len)); - - fstrcpy(mach_name, mach_acct); - strlower(mach_name); - - fstrcat(mach_acct, "$"); + r_u.status = _net_req_chal(p, &q_u, &r_u); - if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct)) { - /* copy the client credentials */ - memcpy(vuser->dc.clnt_chal.data , q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data)); - memcpy(vuser->dc.clnt_cred.challenge.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data)); - - /* create a server challenge for the client */ - /* Set these to random values. */ - generate_random_buffer(vuser->dc.srv_chal.data, 8, False); - - memcpy(vuser->dc.srv_cred.challenge.data, vuser->dc.srv_chal.data, 8); - - memset((char *)vuser->dc.sess_key, '\0', sizeof(vuser->dc.sess_key)); - - /* from client / server challenges and md4 password, generate sess key */ - cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal), - (char *)vuser->dc.md4pw, vuser->dc.sess_key); - } else { - /* lkclXXXX take a guess at a good error message to return :-) */ - status = NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; - } - - /* construct reply. */ - if(!net_reply_req_chal(&q_r, rdata, &vuser->dc.srv_chal, status)) + /* store the response in the SMB stream */ + if(!net_io_r_req_chal("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_req_chal: Failed to marshall NET_R_REQ_CHAL.\n")); return False; + } return True; } 
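Review bot: The rewritten api_net_req_chal no longer performs the `get_valid_user_struct(p->vuid)` lookup that the removed body did before using the request, so the session check and the machine-account lookup now have to live in `_net_req_chal`, which is outside this hunk and should be confirmed to still reject a pipe with no valid user. The same delegation applies to api_net_auth_2, api_net_srv_pwset and api_net_sam_logoff in the following hunk. The header comment above the function still only repeats its name; something like `/* Marshalling wrapper only: parses NET_Q_REQ_CHAL, calls _net_req_chal() for all session and credential checks, then marshals NET_R_REQ_CHAL. */` would make that contract explicit.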
@@ -371,270 +65,90 @@ static BOOL api_net_req_chal(pipes_struct *p) static BOOL api_net_auth_2(pipes_struct *p) { - uint16 vuid = p->vuid; - NET_Q_AUTH_2 q_a; - uint32 status = 0x0; + NET_Q_AUTH_2 q_u; + NET_R_AUTH_2 r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - DOM_CHAL srv_cred; - UTIME srv_time; - - user_struct *vuser; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return False; - - srv_time.time = 0; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); /* grab the challenge... */ - if(!net_io_q_auth_2("", &q_a, data, 0)) { + if(!net_io_q_auth_2("", &q_u, data, 0)) { DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n")); return False; } - /* check that the client credentials are valid */ - if (cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key, - &(vuser->dc.clnt_cred.challenge), srv_time)) { - - /* create server challenge for inclusion in the reply */ - cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred.challenge), srv_time, &srv_cred); - - /* copy the received client credentials for use next time */ - memcpy(vuser->dc.clnt_cred.challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data)); - memcpy(vuser->dc.srv_cred .challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data)); - } else { - status = NT_STATUS_ACCESS_DENIED; - } + r_u.status = _net_auth_2(p, &q_u, &r_u); - /* construct reply. 
*/ - if(!net_reply_auth_2(&q_a, rdata, &srv_cred, status)) + /* store the response in the SMB stream */ + if(!net_io_r_auth_2("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n")); return False; + } return True; } - /************************************************************************* api_net_srv_pwset: *************************************************************************/ static BOOL api_net_srv_pwset(pipes_struct *p) { - uint16 vuid = p->vuid; - NET_Q_SRV_PWSET q_a; - uint32 status = NT_STATUS_WRONG_PASSWORD; - DOM_CRED srv_cred; - pstring mach_acct; - SAM_ACCOUNT *sampass; - BOOL ret; - user_struct *vuser; + NET_Q_SRV_PWSET q_u; + NET_R_SRV_PWSET r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); /* grab the challenge and encrypted password ... */ - if(!net_io_q_srv_pwset("", &q_a, data, 0)) { + if(!net_io_q_srv_pwset("", &q_u, data, 0)) { DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n")); return False; } - /* checks and updates credentials. creates reply credentials */ - if (deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), - &(q_a.clnt_id.cred), &srv_cred)) - { - memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); - - DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__)); - - pstrcpy(mach_acct, dos_unistrn2(q_a.clnt_id.login.uni_acct_name.buffer, - q_a.clnt_id.login.uni_acct_name.uni_str_len)); - - DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); - - become_root(); - sampass = pdb_getsampwnam(mach_acct); - unbecome_root(); - - if (sampass != NULL) { - unsigned char pwd[16]; - int i; - - DEBUG(100,("Server password set : new given value was :\n")); - for(i = 0; i < 16; i++) - DEBUG(100,("%02X ", q_a.pwd[i])); - DEBUG(100,("\n")); - - cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0); - - /* lies! 
nt and lm passwords are _not_ the same: don't care */ - pdb_set_lanman_passwd (sampass, pwd); - pdb_set_nt_passwd (sampass, pwd); - pdb_set_acct_ctrl (sampass, ACB_WSTRUST); - - become_root(); - ret = pdb_update_sam_account (sampass,False); - unbecome_root(); - - if (ret) { - /* hooray! */ - status = 0x0; - } - } - - DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__)); + r_u.status = _net_srv_pwset(p, &q_u, &r_u); - } else { - /* lkclXXXX take a guess at a sensible error code to return... */ - status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT; - } - - /* Construct reply. */ - if(!net_reply_srv_pwset(&q_a, rdata, &srv_cred, status)) + /* store the response in the SMB stream */ + if(!net_io_r_srv_pwset("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n")); return False; + } return True; } - /************************************************************************* api_net_sam_logoff: *************************************************************************/ static BOOL api_net_sam_logoff(pipes_struct *p) { - uint16 vuid = p->vuid; - NET_Q_SAM_LOGOFF q_l; - NET_ID_INFO_CTR ctr; - DOM_CRED srv_cred; + NET_Q_SAM_LOGOFF q_u; + NET_R_SAM_LOGOFF r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - user_struct *vuser; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return False; - - /* the DOM_ID_INFO_1 structure is a bit big. plus we might want to - dynamically allocate it inside net_io_q_sam_logon, at some point */ - q_l.sam_id.ctr = &ctr; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* grab the challenge... */ - if(!net_io_q_sam_logoff("", &q_l, data, 0)) { + if(!net_io_q_sam_logoff("", &q_u, data, 0)) { DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n")); return False; } - /* checks and updates credentials. 
creates reply credentials */ - deal_with_creds(vuser->dc.sess_key, &vuser->dc.clnt_cred, - &q_l.sam_id.client.cred, &srv_cred); - memcpy(&vuser->dc.srv_cred, &vuser->dc.clnt_cred, sizeof(vuser->dc.clnt_cred)); + r_u.status = _net_sam_logoff(p, &q_u, &r_u); - /* construct reply. always indicate success */ - if(!net_reply_sam_logoff(&q_l, rdata, &srv_cred, 0x0)) + /* store the response in the SMB stream */ + if(!net_io_r_sam_logoff("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n")); return False; - - return True; -} - -/************************************************************************* - net_login_interactive: - *************************************************************************/ - -static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, - user_struct *vuser) -{ - uint32 status = 0x0; - - char nt_pwd[16]; - char lm_pwd[16]; - unsigned char key[16]; - - memset(key, 0, 16); - memcpy(key, vuser->dc.sess_key, 8); - - memcpy(lm_pwd, id1->lm_owf.data, 16); - memcpy(nt_pwd, id1->nt_owf.data, 16); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("key:")); - dump_data(100, (char *)key, 16); - - DEBUG(100,("lm owf password:")); - dump_data(100, lm_pwd, 16); - - DEBUG(100,("nt owf password:")); - dump_data(100, nt_pwd, 16); -#endif - - SamOEMhash((uchar *)lm_pwd, key, False); - SamOEMhash((uchar *)nt_pwd, key, False); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("decrypt of lm owf password:")); - dump_data(100, lm_pwd, 16); - - DEBUG(100,("decrypt of nt owf password:")); - dump_data(100, nt_pwd, 16); -#endif - - if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 || - memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0) - { - status = NT_STATUS_WRONG_PASSWORD; } - return status; -} - -/************************************************************************* - net_login_network: - *************************************************************************/ - -static uint32 net_login_network(NET_ID_INFO_2 *id2, 
SAM_ACCOUNT *sampass) -{ - BYTE *nt_pwd, *lanman_pwd; - - DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", - id2->hdr_lm_chal_resp.str_str_len, - id2->hdr_nt_chal_resp.str_str_len)); - - /* JRA. Check the NT password first if it exists - this is a higher quality - password, if it exists and it doesn't match - fail. */ - - nt_pwd = pdb_get_nt_passwd (sampass); - lanman_pwd = pdb_get_lanman_passwd (sampass); - if (id2->hdr_nt_chal_resp.str_str_len == 24 && - nt_pwd != NULL) - { - if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd, - id2->lm_chal)) - return 0x0; - else - return NT_STATUS_WRONG_PASSWORD; - } - - /* lkclXXXX this is not a good place to put disabling of LM hashes in. - if that is to be done, first move this entire function into a - library routine that calls the two smb_password_check() functions. - if disabling LM hashes (which nt can do for security reasons) then - an attempt should be made to disable them everywhere (which nt does - not do, for various security-hole reasons). - */ - - if (id2->hdr_lm_chal_resp.str_str_len == 24 && - smb_password_check((char *)id2->lm_chal_resp.buffer, - lanman_pwd, id2->lm_chal)) - { - return 0x0; - } - - - /* oops! neither password check succeeded */ - - return NT_STATUS_WRONG_PASSWORD; + return True; } /************************************************************************* 
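Review bot: In the new api_net_sam_logoff, `ZERO_STRUCT(q_u)` leaves `q_u.sam_id.ctr` NULL, whereas the removed code pointed it at a stack `NET_ID_INFO_CTR` before calling `net_io_q_sam_logoff`. Unless the parser now allocates that container itself (its definition is not part of this hunk), unmarshalling a client-supplied request would write through a null pointer. If it does not allocate, keep `NET_ID_INFO_CTR ctr;` and `q_u.sam_id.ctr = &ctr;` ahead of the parse; if it does, a one-line comment naming who owns the allocation would help. api_net_sam_logon in the next hunk drops the same assignment.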
@@ -643,284 +157,94 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass) static BOOL api_net_sam_logon(pipes_struct *p) { - uint16 vuid = p->vuid; - NET_Q_SAM_LOGON q_l; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 usr_info; - uint32 status = 0x0; - DOM_CRED srv_cred; - SAM_ACCOUNT *sampass = NULL; - uint16 acct_ctrl; - UNISTR2 *uni_samlogon_user = NULL; - fstring nt_username; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - user_struct *vuser = NULL; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return False; - - ZERO_STRUCT(q_l); - ZERO_STRUCT(ctr); - ZERO_STRUCT(usr_info); - - q_l.sam_id.ctr = &ctr; + NET_Q_SAM_LOGON q_u; + NET_R_SAM_LOGON r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - if(!net_io_q_sam_logon("", &q_l, data, 0)) { + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!net_io_q_sam_logon("", &q_u, data, 0)) { DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n")); return False; } - - /* checks and updates credentials. creates reply credentials */ - if (!deal_with_creds(vuser->dc.sess_key, &vuser->dc.clnt_cred, &q_l.sam_id.client.cred, &srv_cred)) - status = NT_STATUS_INVALID_HANDLE; - else - memcpy(&vuser->dc.srv_cred, &vuser->dc.clnt_cred, sizeof(vuser->dc.clnt_cred)); - - /* find the username */ - - if (status == 0) { - switch (q_l.sam_id.logon_level) { - case INTERACTIVE_LOGON_TYPE: - uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name; - - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); - break; - case NET_LOGON_TYPE: - uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name; - - DEBUG(3,("SAM Logon (Network). Domain:[%s]. 
", lp_workgroup())); - break; - default: - DEBUG(2,("SAM Logon: unsupported switch value\n")); - status = NT_STATUS_INVALID_INFO_CLASS; - break; - } /* end switch */ - } /* end if status == 0 */ - - /* check username exists */ - - if (status == 0) - { - pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer, - uni_samlogon_user->uni_str_len)); - - DEBUG(3,("User:[%s]\n", nt_username)); - - /* - * Convert to a UNIX username. - */ - map_username(nt_username); - - /* get the account information */ - become_root(); - sampass = pdb_getsampwnam(nt_username); - unbecome_root(); - - acct_ctrl = pdb_get_acct_ctrl(sampass); - if (sampass == NULL) - status = NT_STATUS_NO_SUCH_USER; - else if (acct_ctrl & ACB_PWNOTREQ) - status = 0; - else if (acct_ctrl & ACB_DISABLED) - status = NT_STATUS_ACCOUNT_DISABLED; - } - - /* Validate password - if required. */ - - if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) { - switch (q_l.sam_id.logon_level) { - case INTERACTIVE_LOGON_TYPE: - /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, - sampass, vuser); - break; - case NET_LOGON_TYPE: - /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass); - break; - } - } - - /* lkclXXXX this is the point at which, if the login was - successful, that the SAM Local Security Authority should - record that the user is logged in to the domain. 
- */ - - /* return the profile plus other bits :-) */ - - if (status == 0) { - DOM_GID *gids = NULL; - int num_gids = 0; - pstring my_name; - pstring my_workgroup; - pstring domain_groups; - - /* set up pointer indicating user/password failed to be found */ - usr_info.ptr_user_info = 0; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - - /* - * All this information should be filled in from the - * passdb information - */ - sam_logon_in_ssb = True; - pstrcpy(samlogon_user, nt_username); - -#if 0 - gid = pdb_get_gid(sampass); - - pstrcpy(str, pdb_get_logon_script(sampass)); - standard_sub_advanced(-1, nt_username, "", gid, str); - pdb_set_logon_script(sampass, str); - - pstrcpy(str, pdb_get_profile_path(sampass)); - standard_sub_advanced(-1, nt_username, "", gid, str); - pdb_set_profile_path(sampass, str); - - pstrcpy(str, pdb_get_homedir(sampass)); - standard_sub_advanced(-1, nt_username, "", gid, str); - pdb_set_homedir(sampass, str); - - fstrcpy(full_name, ""); - if (lp_unix_realname()) - fstrcpy(full_name, pdb_get_fullname(sampass)); -#endif - - pstrcpy(my_workgroup, lp_workgroup()); - pstrcpy(my_name, global_myname); - strupper(my_name); - - - /* - * This is the point at which we get the group - * database - we should be getting the gid_t list - * from /etc/group and then turning the uids into - * rids and then into machine sids for this user. - * JRA. - */ - - get_domain_user_groups(domain_groups, nt_username); - - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(domain_groups, &gids); - - sam_logon_in_ssb = False; - - /* - * This next call is where the 'domain admin users' parameter - * gets mapped. I'm leaving it out for now. The user and group rid - * has already been mapped into the SAM_ACCOUNT struct. I don't - * think this should be overridden here. The correct solution - * is proper group memberships and mapping. 
--jerry - */ -#if 0 - if (pdb_name_to_rid(nt_username, &r_uid, &r_gid)) -#endif - init_net_user_info3(&usr_info, sampass, - 0, /* logon_count */ - 0, /* bad_pw_count */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - NULL, /* char sess_key[16] */ - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - -#if 0 - else - status = NT_STATUS_NO_SUCH_USER; -#endif - - /* Free any allocated groups array. */ - if(gids) - free((char *)gids); - } - - if(!net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status)) { - free_user_info3(&usr_info); - return False; - } + + r_u.status = _net_sam_logon(p, &q_u, &r_u); - free_user_info3(&usr_info); + /* store the response in the SMB stream */ + if(!net_io_r_sam_logon("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n")); + return False; + } return True; } - /************************************************************************* api_net_trust_dom_list: *************************************************************************/ static BOOL api_net_trust_dom_list(pipes_struct *p) { - NET_Q_TRUST_DOM_LIST q_t; + NET_Q_TRUST_DOM_LIST q_u; + NET_R_TRUST_DOM_LIST r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - char *trusted_domain = "test_domain"; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); /* grab the lsa trusted domain list query... */ - if(!net_io_q_trust_dom("", &q_t, data, 0)) { + if(!net_io_q_trust_dom("", &q_u, data, 0)) { DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n")); return False; } /* construct reply. 
*/ - if(!net_reply_trust_dom_list(&q_t, rdata, 1, trusted_domain)) + r_u.status = _net_trust_dom_list(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_trust_dom("", &r_u, rdata, 0)) { + DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n")); return False; + } DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); return True; } - -/************************************************************************* - error messages cropping up when using nltest.exe... - *************************************************************************/ -#define ERROR_NO_SUCH_DOMAIN 0x54b -#define ERROR_NO_LOGON_SERVERS 0x51f - /************************************************************************* api_net_logon_ctrl2: *************************************************************************/ static BOOL api_net_logon_ctrl2(pipes_struct *p) { - NET_Q_LOGON_CTRL2 q_l; + NET_Q_LOGON_CTRL2 q_u; + NET_R_LOGON_CTRL2 r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* lkclXXXX - guess what - absolutely no idea what these are! */ - uint32 flags = 0x0; - uint32 pdc_connection_status = 0x0; - uint32 logon_attempts = 0x0; - uint32 tc_status = ERROR_NO_LOGON_SERVERS; - char *trusted_domain = "test_domain"; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); /* grab the lsa netlogon ctrl2 query... */ - if(!net_io_q_logon_ctrl2("", &q_l, data, 0)) { + if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) { DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n")); return False; } - /* construct reply. 
*/ - if(!net_reply_logon_ctrl2(&q_l, rdata, - flags, pdc_connection_status, logon_attempts, - tc_status, trusted_domain)) + r_u.status = _net_logon_ctrl2(p, &q_u, &r_u); + + if(!net_io_r_logon_ctrl2("", &r_u, rdata, 0)) { + DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n")); return False; + } DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); @@ -950,4 +274,3 @@ BOOL api_netlog_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_netlog_rpc", api_net_cmds); } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 151c72499a..613f8f54b2 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -129,7 +129,8 @@ static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, static BOOL get_md4pw(char *md4pw, char *mach_acct) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sampass = NULL; + BYTE *pass; #if 0 /* @@ -150,17 +151,18 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct) #endif /* 0 */ become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - - if ((smb_pass) != NULL && !(smb_pass->acct_ctrl & ACB_DISABLED) && - (smb_pass->smb_nt_passwd != NULL)) + + if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) && + ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { - memcpy(md4pw, smb_pass->smb_nt_passwd, 16); + memcpy(md4pw, pass, 16); dump_data(5, md4pw, 16); - + return True; } + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); return False; } 
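Review bot: The marshalling-failure messages in the new api_net_trust_dom_list and api_net_logon_ctrl2 bodies are prefixed `net_reply_trust_dom_list:` and `net_reply_logon_ctrl2:`, the names of helpers whose calls this hunk removes, while api_net_sam_logon in the same hunk logs under its own name. Anyone triaging a level-0 log entry would search for a function that no longer handles the request. I would write `DEBUG(0,("api_net_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n"));` and use the matching `api_net_logon_ctrl2:` prefix in the other wrapper.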
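Review bot: `dump_data(5, md4pw, 16);` on the success path of get_md4pw writes the machine account's NT hash to the log at debug level 5, and the rewritten lines around it keep that call. The password dumps visible in net_login_interactive elsewhere in this patch sit at level 100 inside `#ifdef DEBUG_PASSWORD`. This one should be gated the same way: `#ifdef DEBUG_PASSWORD`, `dump_data(100, md4pw, 16);`, `#endif`. get_md4pw's body starts outside this hunk.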
@@ -256,11 +258,11 @@ uint32 _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { uint16 vuid = p->vuid; - uint32 status = NT_STATUS_NOPROBLEMO; + uint32 status = NT_STATUS_WRONG_PASSWORD; DOM_CRED srv_cred; pstring mach_acct; - struct smb_passwd *smb_pass; - BOOL ret; + SAM_ACCOUNT *sampass; + BOOL ret = False; user_struct *vuser; unsigned char pwd[16]; int i; @@ -282,10 +284,10 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_ DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct)); become_root(); - smb_pass = getsmbpwnam(mach_acct); + sampass = pdb_getsampwnam(mach_acct); unbecome_root(); - if (smb_pass == NULL) + if (sampass == NULL) return NT_STATUS_NO_SUCH_USER; DEBUG(100,("Server password set : new given value was :\n")); @@ -296,16 +298,16 @@ uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_ cred_hash3( pwd, q_u->pwd, vuser->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ - smb_pass->smb_passwd = pwd; - smb_pass->smb_nt_passwd = pwd; - smb_pass->acct_ctrl = ACB_WSTRUST; - + pdb_set_lanman_passwd (sampass, pwd); + pdb_set_nt_passwd (sampass, pwd); + pdb_set_acct_ctrl (sampass, ACB_WSTRUST); + become_root(); - ret = mod_smbpwd_entry(smb_pass,False); + ret = pdb_update_sam_account (sampass,False); unbecome_root(); - - if (!ret) - status = NT_STATUS_WRONG_PASSWORD; + + if (ret) + status = NT_STATUS_NOPROBLEMO; /* set up the LSA Server Password Set response */ init_net_r_srv_pwset(r_u, &srv_cred, status); 
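Review bot: `pdb_set_acct_ctrl (sampass, ACB_WSTRUST);` in _net_srv_pwset replaces the account's whole control word, so any flag already stored on the account, ACB_DISABLED included, is dropped when the password is set. No test of the existing flags is visible between the `sampass == NULL` check and this call, though part of the function lies outside the hunks shown. If there is none, a disabled workstation account would be re-enabled by a password change. I would reject such accounts before the update, right after the NULL test: `if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) return NT_STATUS_ACCOUNT_DISABLED;`.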
@@ -347,7 +349,7 @@ uint32 _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF net_login_interactive: *************************************************************************/ -static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_pass, user_struct *vuser) +static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass, user_struct *vuser) { uint32 status = 0x0; @@ -383,9 +385,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p dump_data(100, nt_pwd, 16); #endif - if (memcmp(smb_pass->smb_passwd , lm_pwd, 16) != 0 || - memcmp(smb_pass->smb_nt_passwd, nt_pwd, 16) != 0) - { + if (memcmp(pdb_get_lanman_passwd(sampass), lm_pwd, 16) != 0 || + memcmp(pdb_get_nt_passwd(sampass), nt_pwd, 16) != 0) { status = NT_STATUS_WRONG_PASSWORD; } @@ -396,8 +397,10 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p _net_login_network: *************************************************************************/ -static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) +static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass) { + BYTE *nt_pwd, *lanman_pwd; + DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, id2->hdr_nt_chal_resp.str_str_len)); 
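Review bot: The rewritten comparison in net_login_interactive passes `pdb_get_lanman_passwd(sampass)` and `pdb_get_nt_passwd(sampass)` straight to memcmp, and either may be NULL. net_login_network in this same patch tests both pointers before use, and api_pipe_ntlmssp_verify checks explicitly for a missing LM or NT hash. An interactive logon for an account lacking one of the hashes would hand memcmp a NULL pointer. Fetch the pointers first with `BYTE *lm = pdb_get_lanman_passwd(sampass), *nt = pdb_get_nt_passwd(sampass);`, then fail closed with `if (!lm || !nt || memcmp(lm, lm_pwd, 16) != 0 || memcmp(nt, nt_pwd, 16) != 0)`. The function's body starts and ends outside this hunk.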
@@ -405,13 +408,13 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) /* JRA. Check the NT password first if it exists - this is a higher quality password, if it exists and it doesn't match - fail. */ - if (id2->hdr_nt_chal_resp.str_str_len == 24 && - smb_pass->smb_nt_passwd != NULL) - { + nt_pwd = pdb_get_nt_passwd(sampass); + lanman_pwd = pdb_get_lanman_passwd(sampass); + + if (id2->hdr_nt_chal_resp.str_str_len == 24 && nt_pwd) { if(smb_password_check((char *)id2->nt_chal_resp.buffer, - smb_pass->smb_nt_passwd, - id2->lm_chal)) - return 0x0; + nt_pwd, id2->lm_chal)) + return NT_STATUS_NOPROBLEMO; else return NT_STATUS_WRONG_PASSWORD; } @@ -424,14 +427,10 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass) not do, for various security-hole reasons). */ - if (id2->hdr_lm_chal_resp.str_str_len == 24 && + if (id2->hdr_lm_chal_resp.str_str_len == 24 && lanman_pwd && smb_password_check((char *)id2->lm_chal_resp.buffer, - smb_pass->smb_passwd, - id2->lm_chal)) - { - return 0x0; - } - + lanman_pwd, id2->lm_chal)) + return NT_STATUS_NOPROBLEMO; /* oops! neither password check succeeded */ @@ -448,11 +447,10 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ uint16 vuid = p->vuid; NET_USER_INFO_3 *usr_info = NULL; DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - struct sam_passwd *sam_pass = NULL; + SAM_ACCOUNT *sampass = NULL; + uint16 acct_ctrl; UNISTR2 *uni_samlogon_user = NULL; fstring nt_username; - struct passwd *pw; user_struct *vuser = NULL; usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3)); 
@@ -499,33 +497,30 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ map_username(nt_username); - /* - * Do any case conversions. - */ - - pw=Get_Pwnam(nt_username, True); - + /* get the account information */ become_root(); - sam_pass = getsam21pwnam(nt_username); - smb_pass = getsmbpwnam(nt_username); + sampass = pdb_getsampwnam(nt_username); unbecome_root(); - - if (smb_pass == NULL) + + if (sampass == NULL) return NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_DISABLED) + + acct_ctrl = pdb_get_acct_ctrl(sampass); + + if (acct_ctrl & ACB_DISABLED) return NT_STATUS_ACCOUNT_DISABLED; /* Validate password - if required. */ - if (!(smb_pass->acct_ctrl & ACB_PWNOTREQ)) { + if (!(acct_ctrl & ACB_PWNOTREQ)) { switch (q_u->sam_id.logon_level) { case INTERACTIVE_LOGON_TYPE: /* interactive login. */ - status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, smb_pass, vuser); + status = net_login_interactive(&q_u->sam_id.ctr->auth.id1, sampass, vuser); break; case NET_LOGON_TYPE: /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_u->sam_id.ctr->auth.id2, smb_pass); + status = net_login_network(&q_u->sam_id.ctr->auth.id2, sampass); break; } } 
@@ -538,58 +533,25 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ record that the user is logged in to the domain. */ - /* return the profile plus other bits :-) */ - { DOM_GID *gids = NULL; int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; pstring my_name; pstring my_workgroup; pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - fstring full_name; /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - /* XXXX hack to get standard_sub_basic() to use sam logon username */ /* possibly a better way would be to do a become_user() call */ sam_logon_in_ssb = True; pstrcpy(samlogon_user, nt_username); - pstrcpy(logon_script, sam_pass->logon_script); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, logon_script); - - pstrcpy(profile_path, sam_pass->profile_path); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, profile_path); - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, sam_pass->dir_drive); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_drive); - - pstrcpy(home_dir, sam_pass->home_dir); - standard_sub_advanced(-1, nt_username, "", pw->pw_gid, home_dir); - pstrcpy(my_name, global_myname); strupper(my_name); - pstrcpy(full_name, sam_pass->full_name ); - if( !*full_name ) { - fstrcpy(full_name, ""); - if (lp_unix_realname()) - fstrcpy(full_name, strtok(pw->pw_gecos, ",")); - } - /* * This is the point at which we get the group * database - we should be getting the gid_t list 
@@ -608,41 +570,17 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_ sam_logon_in_ssb = False; - if (pdb_name_to_rid(nt_username, &r_uid, &r_gid)) - init_net_user_info3(p->mem_ctx, usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - nt_username , /* user_name */ - full_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - else - return NT_STATUS_NO_SUCH_USER; - + init_net_user_info3(p->mem_ctx, usr_info, sampass, + 0, /* logon_count */ + 0, /* bad_pw_count */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + NULL, /* char sess_key[16] */ + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + &global_sam_sid, /* DOM_SID *dom_sid */ + NULL); /* char *other_sids */ } /* XXXX maybe we want to say 'no', reject the client's credentials */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index dcefeed8b9..bc5b2ab473 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. 
@@ -270,9 +269,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm fstring domain; fstring wks; BOOL guest_user = False; - SAM_ACCOUNT *sam_pass = NULL; - BYTE null_smb_passwd[16]; - BYTE *smb_passwd_ptr = NULL; + SAM_ACCOUNT *sampass = NULL; + uchar null_smb_passwd[16]; + uchar *smb_passwd_ptr = NULL; DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); @@ -358,18 +357,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm return False; } -/* unnecessary as the passdb validates the user before returning --jerry */ -#if 0 - /* - * Find the user in the unix password db. - */ - - if(!(pass = Get_Pwnam(pipe_user_name,True))) { - DEBUG(1,("Couldn't find user '%s' in UNIX password database.\n",pipe_user_name)); - return(False); - } - -#endif /* 0 */ if(!guest_user) { @@ -383,8 +370,8 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name return False; } - if(!(sam_pass = pdb_getsampwnam(pipe_user_name))) { - DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in passdb.\n", + if(!(sampass = pdb_getsampwnam(pipe_user_name))) { + DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n", pipe_user_name)); unbecome_root(); return False; 
@@ -392,24 +379,18 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name unbecome_root(); - if (sam_pass == NULL) { - DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in passdb.\n", - pipe_user_name)); - return(False); - } - - /* Quit if the account was disabled. */ - if((pdb_get_acct_ctrl(sam_pass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sam_pass)) { - DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name)); - return(False); - } - - if(!pdb_get_nt_passwd(sam_pass)) { - DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); - return(False); - } - - smb_passwd_ptr = pdb_get_lanman_passwd(sam_pass); + /* Quit if the account was disabled. */ + if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) { + DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name)); + return(False); + } + + if(!pdb_get_nt_passwd(sampass)) { + DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name)); + return(False); + } + + smb_passwd_ptr = pdb_get_lanman_passwd(sampass); } /* 
@@ -459,18 +440,18 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name /* * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - p->pipe_user.uid = pdb_get_uid(sam_pass); - p->pipe_user.gid = pdb_get_gid(sam_pass); + + p->pipe_user.uid = pdb_get_uid(sampass); + p->pipe_user.gid = pdb_get_uid(sampass); /* Set up pipe user group membership. */ initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups); /* Create an NT_USER_TOKEN struct for this user. */ - p->pipe_user.nt_user_token = - create_nt_token(p->pipe_user.uid,p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups, - guest_user); + p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid, + p->pipe_user.ngroups, p->pipe_user.groups, + guest_user); p->ntlmssp_auth_validated = True; return True; @@ -1148,7 +1129,9 @@ BOOL api_pipe_request(pipes_struct *p) if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && api_fd_commands[i].fn != NULL) { DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name)); + set_current_rpc_talloc(p->mem_ctx); ret = api_fd_commands[i].fn(p); + set_current_rpc_talloc(NULL); } } @@ -1222,7 +1205,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n")); if (data) { - prs_uint8s(False, "", &p->in_data.data, 0, data, + prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, data_len); free(data); } @@ -1231,5 +1214,3 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, return True; } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 5545071913..cd072122f3 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. 
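Review bot: `p->pipe_user.gid = pdb_get_uid(sampass);` assigns the account's uid to the pipe user's gid, whereas the line it replaces called pdb_get_gid. The value is then passed to initialise_groups() and create_nt_token() a few lines below. The authenticated pipe user would therefore get a primary group numerically equal to its uid rather than the account's own group. The line should read `p->pipe_user.gid = pdb_get_gid(sampass);`. api_pipe_ntlmssp_verify starts outside this hunk.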
@@ -40,6 +39,20 @@ static int pipes_open; static pipes_struct *Pipes; static struct bitmap *bmap; +/**************************************************************************** + Pipe iterator functions. +****************************************************************************/ + +pipes_struct *get_first_pipe(void) +{ + return Pipes; +} + +pipes_struct *get_next_pipe(pipes_struct *p) +{ + return p->next; +} + /* this must be larger than the sum of the open files and directories */ static int pipe_handle_offset; @@ -135,7 +148,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, next_pipe = (i+1) % MAX_OPEN_PIPES; for (p = Pipes; p; p = p->next) - DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); + DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); p = (pipes_struct *)malloc(sizeof(*p)); @@ -150,6 +163,8 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, return NULL; } + init_pipe_handles(p); + DLIST_ADD(Pipes, p); /* @@ -379,6 +394,23 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return 0; /* No extra data processed. */ } +/**************************************************************************** + Call this to free any talloc'ed memory. Do this before and after processing + a complete PDU. +****************************************************************************/ + +void free_pipe_context(pipes_struct *p) +{ + if (p->mem_ctx) { + DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } +} + /**************************************************************************** Processes a request pdu. This will do auth processing if needed, and appends the data into the complete stream if the LAST flag is not set. 
@@ -487,9 +519,13 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ + free_pipe_context(p); + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); + free_pipe_context(p); + /* * We have consumed the whole data stream. Set back to * marshalling and set the offset back to the start of @@ -780,23 +816,6 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, out: - if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { - /* - * We have copied all possible data into the current_pdu. This RPC is finished. - * Reset the talloc context to free any allocated data from this RPC. - */ - - if (p->mem_ctx) { - DEBUG(3,("read_from_pipe: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); - talloc_destroy_pool(p->mem_ctx); - } else { - p->mem_ctx = talloc_init(); - if (p->mem_ctx == NULL) - p->fault_state = True; - } - - } - return data_returned; } @@ -865,6 +884,9 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) if (p->mem_ctx) talloc_destroy(p->mem_ctx); + /* Free the handles database. */ + close_policy_by_pipe(p); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; @@ -921,4 +943,3 @@ pipes_struct *get_rpc_pipe(int pnum) return NULL; } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_reg.c b/source3/rpc_server/srv_reg.c index 1ca9963cd4..65f0e2304c 100644 --- a/source3/rpc_server/srv_reg.c +++ b/source3/rpc_server/srv_reg.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -156,4 +155,3 @@ BOOL api_reg_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_reg_rpc", api_reg_cmds); } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_reg_nt.c b/source3/rpc_server/srv_reg_nt.c index 4bd97abb65..4f941e3e1b 100644 --- a/source3/rpc_server/srv_reg_nt.c +++ b/source3/rpc_server/srv_reg_nt.c 
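Review bot: The `free_pipe_context(p);` added before `pipe_init_outgoing_data(p)` can leave `p->mem_ctx` NULL. When no context exists it calls talloc_init() and on failure only sets `p->fault_state`. The following lines still dispatch through api_pipe_request(), which hands `p->mem_ctx` to set_current_rpc_talloc() before calling the handler. I would test the flag before dispatch, for example `if (p->fault_state) return False;` or whatever failure path the enclosing function already uses (it starts outside this hunk), so that no request is processed without an allocation context.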
@@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -30,6 +29,19 @@ extern int DEBUGLEVEL; +struct reg_info +{ + /* for use by \PIPE\winreg */ + fstring name; /* name of registry key */ +}; + +static void free_reg_info(void *ptr) +{ + struct reg_info *info = (struct reg_info *)ptr; + + safe_free(info); +} + /******************************************************************* reg_reply_unknown_1 ********************************************************************/ @@ -40,7 +52,7 @@ uint32 _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) ZERO_STRUCT(r_u->pol); /* close the policy handle */ - if (!close_lsa_policy_hnd(&q_u->pol)) + if (!close_policy_hnd(p, &q_u->pol)) return NT_STATUS_OBJECT_NAME_INVALID; return NT_STATUS_NOPROBLEMO; @@ -52,7 +64,7 @@ uint32 _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) uint32 _reg_open(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) { - if (!open_lsa_policy_hnd(&r_u->pol)) + if (!create_policy_hnd(p, &r_u->pol, free_reg_info, NULL)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; return NT_STATUS_NOPROBLEMO; @@ -66,15 +78,13 @@ uint32 _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY { POLICY_HND pol; fstring name; + struct reg_info *info = NULL; DEBUG(5,("reg_open_entry: %d\n", __LINE__)); - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) return NT_STATUS_INVALID_HANDLE; - if (!open_lsa_policy_hnd(&pol)) - return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ - fstrcpy(name, dos_unistrn2(q_u->uni_name.buffer, q_u->uni_name.uni_str_len)); DEBUG(5,("reg_open_entry: %s\n", name)); 
@@ -84,7 +94,13 @@ uint32 _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY !strequal(name, "System\\CurrentControlSet\\services\\Netlogon\\parameters\\")) return NT_STATUS_ACCESS_DENIED; - if (!set_lsa_policy_reg_name(&pol, name)) + if ((info = (struct reg_info *)malloc(sizeof(struct reg_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + fstrcpy(info->name, name); + + if (!create_policy_hnd(p, &pol, free_reg_info, (void *)info)) return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ init_reg_r_open_entry(r_u, &pol, NT_STATUS_NOPROBLEMO); @@ -110,7 +126,7 @@ uint32 _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) DEBUG(5,("_reg_info: %d\n", __LINE__)); - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (find_policy_by_hnd(p, &q_u->pol, NULL) == -1) return NT_STATUS_INVALID_HANDLE; fstrcpy(name, dos_unistrn2(q_u->uni_type.buffer, q_u->uni_type.uni_str_len)); @@ -161,4 +177,3 @@ uint32 _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) return status; } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 2f4143bd6a..828e2e5595 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -7,6 +6,10 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. * Copyright (C) Hewlett-Packard Company 1999. + * + * Split into interface and implementation modules by, + * + * Copyright (C) Jeremy Allison 2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
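Review bot: When `create_policy_hnd(p, &pol, free_reg_info, (void *)info)` fails in _reg_open_entry, the function returns NT_STATUS_TOO_MANY_SECRETS without releasing the `info` block allocated just above. Unless create_policy_hnd runs the free function itself on failure, which this patch does not show, each failed open leaks one struct reg_info on a client-driven call. I would give the failure branch a braced body: `{ safe_free(info); return NT_STATUS_TOO_MANY_SECRETS; }`.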
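Review bot: `if (find_policy_by_hnd(p, &q_u->pol, NULL) == -1)` in _reg_info keeps the comparison written for the old find_lsa_policy_by_hnd(). _reg_open_entry in this same file now tests the new function as a boolean, with `if (!find_policy_by_hnd(p, &q_u->pol, NULL))`. If it returns True/False as that usage suggests, the `== -1` test never fires and _reg_info answers queries on handles that were never opened. The check should be `if (!find_policy_by_hnd(p, &q_u->pol, NULL))`.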
@@ -23,2458 +26,1109 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +/* + * This is the interface to the SAMR code. + */ + #include "includes.h" extern int DEBUGLEVEL; -extern fstring global_myworkgroup; -extern pstring global_myname; -extern DOM_SID global_sam_sid; - -extern rid_name domain_group_rids[]; -extern rid_name domain_alias_rids[]; -extern rid_name builtin_alias_rids[]; - /******************************************************************* - This next function should be replaced with something that - dynamically returns the correct user info..... JRA. + api_samr_close_hnd ********************************************************************/ -static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, - int *total_entries, int *num_entries, - int max_num_entries, uint16 acb_mask) +static BOOL api_samr_close_hnd(pipes_struct *p) { - SAM_ACCOUNT *pwd = NULL; - - (*num_entries) = 0; - (*total_entries) = 0; + SAMR_Q_CLOSE_HND q_u; + SAMR_R_CLOSE_HND r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - if (pw_buf == NULL) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (!pdb_setsampwent(False)) - { - DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); + if(!samr_io_q_close_hnd("", &q_u, data, 0)) { + DEBUG(0,("api_samr_close_hnd: unable to unmarshall SAMR_Q_CLOSE_HND.\n")); return False; } - while ( ((pwd=pdb_getsampwent()) != NULL) && ((*num_entries) < max_num_entries) ) - { - int user_name_len; - - if (start_idx > 0) { - /* skip the requested number of entries. - not very efficient, but hey... 
- */ - start_idx--; - continue; - } - - user_name_len = strlen(pdb_get_username(pwd))+1; - init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pdb_get_username(pwd), user_name_len); - init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); - pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); - memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); - - /* Now check if the NT compatible password is available. */ - if (pdb_get_nt_passwd(pwd) != NULL) - { - memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); - } - - pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); - - DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pdb_get_username(pwd), - pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd))); - - if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) - { - DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); - (*num_entries)++; - } - else - { - DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); - } - - (*total_entries)++; - } - - pdb_endsampwent(); - - return (*num_entries) > 0; -} - -/******************************************************************* - This function uses the username map file and tries to map a UNIX - user name to an DOS name. (Sort of the reverse of the - map_username() function.) Since more than one DOS name can map - to the UNIX name, to reverse the mapping you have to specify - which corresponding DOS name you want; that's where the name_idx - parameter comes in. Returns the string requested or NULL if it - fails or can't complete the request for any reason. This doesn't - handle group names (starting with '@') or names starting with - '+' or '&'. If they are encountered, they are skipped. 
-********************************************************************/ - -static char *unmap_unixname(char *unix_user_name, int name_idx) -{ - char *mapfile = lp_username_map(); - char **lines; - static pstring tok; - int i; - - if (!*unix_user_name) return NULL; - if (!*mapfile) return NULL; - - lines = file_lines_load(mapfile, NULL,False); - if (!lines) { - DEBUG(0,("unmap_unixname: can't open username map %s\n", mapfile)); - return NULL; - } - - DEBUG(5,("unmap_unixname: scanning username map %s, index: %d\n", mapfile, name_idx)); - - for (i=0; lines[i]; i++) { - char *unixname = lines[i]; - char *dosname = strchr(unixname,'='); - - if (!dosname) - continue; - - *dosname++ = 0; - - while (isspace(*unixname)) - unixname++; - if ('!' == *unixname) { - unixname++; - while (*unixname && isspace(*unixname)) - unixname++; - } - - if (!*unixname || strchr("#;",*unixname)) - continue; - - if (strncmp(unixname, unix_user_name, strlen(unix_user_name))) - continue; - - /* We have matched the UNIX user name */ - - while(next_token(&dosname, tok, LIST_SEP, sizeof(tok))) { - if (!strchr("@&+", *tok)) { - name_idx--; - if (name_idx < 0 ) { - break; - } - } - } - - if (name_idx >= 0) { - DEBUG(0,("unmap_unixname: index too high - not that many DOS names\n")); - file_lines_free(lines); - return NULL; - } else { - file_lines_free(lines); - return tok; - } - } - - DEBUG(0,("unmap_unixname: Couldn't find the UNIX user name\n")); - file_lines_free(lines); - return NULL; -} - -/******************************************************************* - This function sets up a list of users taken from the list of - users that UNIX knows about, as well as all the user names that - Samba maps to a valid UNIX user name. (This should work with - /etc/passwd or NIS.) 
-********************************************************************/ - -static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf, - int start_idx, - int *total_entries, int *num_entries, - int max_num_entries, - uint16 acb_mask) -{ - static struct passwd *pwd = NULL; - static uint32 pw_rid; - static BOOL orig_done = False; - static int current_idx = 0; - static int mapped_idx = 0; - char *sep; - - DEBUG(5, ("get_passwd_entries: retrieving a list of UNIX users\n")); - - (*num_entries) = 0; - (*total_entries) = 0; - - /* Skip all this stuff if we're in appliance mode */ - - if (lp_hide_local_users()) goto done; - - if (pw_buf == NULL) return False; - - if (current_idx == 0) { - sys_setpwent(); - } - - /* These two cases are inefficient, but should be called very rarely */ - /* they are the cases where the starting index isn't picking up */ - /* where we left off last time. It is efficient when it starts over */ - /* at zero though. */ - if (start_idx > current_idx) { - /* We aren't far enough; advance to start_idx */ - while (current_idx < start_idx) { - char *unmap_name; - - if(!orig_done) { - if ((pwd = sys_getpwent()) == NULL) break; - current_idx++; - orig_done = True; - } - - while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) && - (current_idx < start_idx)) { - current_idx++; - mapped_idx++; - } - - if (unmap_name == NULL) { - orig_done = False; - mapped_idx = 0; - } - } - } else if (start_idx < current_idx) { - /* We are already too far; start over and advance to start_idx */ - sys_endpwent(); - sys_setpwent(); - current_idx = 0; - mapped_idx = 0; - orig_done = False; - while (current_idx < start_idx) { - char *unmap_name; - - if(!orig_done) { - if ((pwd = sys_getpwent()) == NULL) break; - current_idx++; - orig_done = True; - } - - while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) && - (current_idx < start_idx)) { - current_idx++; - mapped_idx++; - } - - if (unmap_name == NULL) { - orig_done = False; - mapped_idx = 
0; - } - } - } - - sep = lp_winbind_separator(); - - /* now current_idx == start_idx */ - while ((*num_entries) < max_num_entries) { - int user_name_len; - char *unmap_name; - - /* This does the original UNIX user itself */ - if(!orig_done) { - if ((pwd = sys_getpwent()) == NULL) break; - - /* Don't enumerate winbind users as they are not local */ - - if (strchr(pwd->pw_name, *sep) != NULL) { - continue; - } - - user_name_len = strlen(pwd->pw_name); - pw_rid = pdb_uid_to_user_rid(pwd->pw_uid); - ZERO_STRUCTP(&pw_buf[(*num_entries)]); - init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->pw_name, user_name_len); - init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); - pw_buf[(*num_entries)].user_rid = pw_rid; - memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); - - pw_buf[(*num_entries)].acb_info = ACB_NORMAL; - - DEBUG(5, ("get_passwd_entries: entry idx %d user %s, rid 0x%x\n", (*num_entries), pwd->pw_name, pw_rid)); - - (*num_entries)++; - (*total_entries)++; - current_idx++; - orig_done = True; - } - - /* This does all the user names that map to the UNIX user */ - while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) && - (*num_entries < max_num_entries)) { - user_name_len = strlen(unmap_name); - ZERO_STRUCTP(&pw_buf[(*num_entries)]); - init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), unmap_name, user_name_len); - init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len); - pw_buf[(*num_entries)].user_rid = pw_rid; - memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); - - pw_buf[(*num_entries)].acb_info = ACB_NORMAL; - - DEBUG(5, ("get_passwd_entries: entry idx %d user %s, rid 0x%x\n", (*num_entries), pwd->pw_name, pw_rid)); - - (*num_entries)++; - (*total_entries)++; - current_idx++; - mapped_idx++; - } - - if (unmap_name == NULL) { - /* done with 'aliases', go on to next UNIX user */ - orig_done = False; - mapped_idx = 0; - } - } + r_u.status = _samr_close_hnd(p, &q_u, &r_u); - if (pwd == 
NULL) { - /* totally done, reset everything */ - sys_endpwent(); - current_idx = 0; - mapped_idx = 0; + /* store the response in the SMB stream */ + if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_close_hnd: unable to marshall SAMR_R_CLOSE_HND.\n")); + return False; } -done: - return (*num_entries) > 0; + return True; } /******************************************************************* - samr_reply_unknown_1 + api_samr_open_domain ********************************************************************/ -static BOOL samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u, - prs_struct *rdata) + +static BOOL api_samr_open_domain(pipes_struct *p) { - SAMR_R_CLOSE_HND r_u; + SAMR_Q_OPEN_DOMAIN q_u; + SAMR_R_OPEN_DOMAIN r_u; - /* set up the SAMR unknown_1 response */ - ZERO_STRUCT(r_u.pol); + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* close the policy handle */ - if (close_lsa_policy_hnd(&(q_u->pol))) - { - r_u.status = 0; - } - else - { - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_open_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_domain: unable to unmarshall SAMR_Q_OPEN_DOMAIN.\n")); + return False; } - DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__)); + r_u.status = _samr_open_domain(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) + if(!samr_io_r_open_domain("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_domain: unable to marshall SAMR_R_OPEN_DOMAIN.\n")); return False; - - DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__)); + } return True; } /******************************************************************* - api_samr_close_hnd + api_samr_get_usrdom_pwinfo ********************************************************************/ -static BOOL api_samr_close_hnd(pipes_struct *p) + +static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p) { - SAMR_Q_CLOSE_HND q_u; + 
SAMR_Q_GET_USRDOM_PWINFO q_u; + SAMR_R_GET_USRDOM_PWINFO r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr unknown 1 */ - if(!samr_io_q_close_hnd("", &q_u, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) return False; - /* construct reply. always indicate success */ - if(!samr_reply_close_hnd(&q_u, rdata)) + r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u); + + if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) return False; return True; } - /******************************************************************* - samr_reply_open_domain + api_samr_query_sec_obj ********************************************************************/ -static BOOL samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u, - prs_struct *rdata) -{ - SAMR_R_OPEN_DOMAIN r_u; - BOOL pol_open = False; - r_u.status = 0x0; - - /* find the connection policy handle. */ - if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } +static BOOL api_samr_query_sec_obj(pipes_struct *p) +{ + SAMR_Q_QUERY_SEC_OBJ q_u; + SAMR_R_QUERY_SEC_OBJ r_u; - /* get a (unique) handle. open a policy on it. */ - if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.domain_pol)))) - { - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* associate the domain SID with the (unique) handle. */ - if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.domain_pol), &(q_u->dom_sid.sid))) - { - /* oh, whoops. 
don't know what error message to return, here */ - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (r_u.status != 0 && pol_open) - { - close_lsa_policy_hnd(&(r_u.domain_pol)); - } + if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) + return False; - DEBUG(5,("samr_open_domain: %d\n", __LINE__)); + r_u.status = _samr_query_sec_obj(p, &q_u, &r_u); - /* store the response in the SMB stream */ - if(!samr_io_r_open_domain("", &r_u, rdata, 0)) + if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_open_domain: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_open_domain + api_samr_enum_dom_users ********************************************************************/ -static BOOL api_samr_open_domain(pipes_struct *p) + +static BOOL api_samr_enum_dom_users(pipes_struct *p) { - SAMR_Q_OPEN_DOMAIN q_u; + SAMR_Q_ENUM_DOM_USERS q_u; + SAMR_R_ENUM_DOM_USERS r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + /* grab the samr open */ - if(!samr_io_q_open_domain("", &q_u, data, 0)) + if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) return False; - /* construct reply. always indicate success */ - if(!samr_reply_open_domain(&q_u, rdata)) + r_u.status = _samr_enum_dom_users(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) return False; return True; } - /******************************************************************* - samr_reply_unknown_2c + api_samr_enum_dom_groups ********************************************************************/ -static BOOL samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u, - prs_struct *rdata) -{ - SAMR_R_UNKNOWN_2C r_u; - uint32 status = 0x0; - /* find the policy handle. open a policy on it. 
*/ - if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } +static BOOL api_samr_enum_dom_groups(pipes_struct *p) +{ + SAMR_Q_ENUM_DOM_GROUPS q_u; + SAMR_R_ENUM_DOM_GROUPS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* find the user's rid */ - if ((status == 0x0) && (get_lsa_policy_samr_rid(&(q_u->user_pol)) == 0xffffffff)) - { - status = NT_STATUS_OBJECT_TYPE_MISMATCH; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - init_samr_r_unknown_2c(&r_u, status); + /* grab the samr open */ + if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) + return False; - DEBUG(5,("samr_unknown_2c: %d\n", __LINE__)); + r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_unknown_2c("", &r_u, rdata, 0)) + if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_unknown_2c: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_unknown_2c + api_samr_enum_dom_aliases ********************************************************************/ -static BOOL api_samr_unknown_2c(pipes_struct *p) + +static BOOL api_samr_enum_dom_aliases(pipes_struct *p) { - SAMR_Q_UNKNOWN_2C q_u; + SAMR_Q_ENUM_DOM_ALIASES q_u; + SAMR_R_ENUM_DOM_ALIASES r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); /* grab the samr open */ - if(!samr_io_q_unknown_2c("", &q_u, data, 0)) + if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) return False; - /* construct reply. 
always indicate success */ - if(!samr_reply_unknown_2c(&q_u, rdata)) + r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) return False; return True; } - /******************************************************************* - samr_reply_unknown_3 + api_samr_query_dispinfo ********************************************************************/ -static BOOL samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, - prs_struct *rdata) -{ - SAMR_R_UNKNOWN_3 r_u; - DOM_SID3 sid[MAX_SAM_SIDS]; - uint32 rid; - uint32 status; - - status = 0x0; - /* find the policy handle. open a policy on it. */ - if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->user_pol)) == -1)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - - /* find the user's rid */ - if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->user_pol))) == 0xffffffff) - { - status = NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - if (status == 0x0) - { - DOM_SID user_sid; - DOM_SID everyone_sid; - - user_sid = global_sam_sid; - - SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); - - /* - * Add the user RID. 
- */ - user_sid.sub_auths[user_sid.num_auths++] = rid; - - string_to_sid(&everyone_sid, "S-1-1"); +static BOOL api_samr_query_dispinfo(pipes_struct *p) +{ + SAMR_Q_QUERY_DISPINFO q_u; + SAMR_R_QUERY_DISPINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ - /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ - init_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid); - init_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid); - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - init_samr_r_unknown_3(&r_u, - 0x0001, 0x8004, - 0x00000014, 0x0002, 0x0070, - 2, sid, status); + if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) + return False; - DEBUG(5,("samr_unknown_3: %d\n", __LINE__)); + r_u.status = _samr_query_dispinfo(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_unknown_3("", &r_u, rdata, 0)) + if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_unknown_3: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_unknown_3 + api_samr_query_aliasinfo ********************************************************************/ -static BOOL api_samr_unknown_3(pipes_struct *p) + +static BOOL api_samr_query_aliasinfo(pipes_struct *p) { - SAMR_Q_UNKNOWN_3 q_u; + SAMR_Q_QUERY_ALIASINFO q_u; + SAMR_R_QUERY_ALIASINFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + /* grab the samr open */ - if(!samr_io_q_unknown_3("", &q_u, data, 0)) + if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) return False; - /* construct reply. 
always indicate success */ - if(!samr_reply_unknown_3(&q_u, rdata)) - return False; + r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u); + /* store the response in the SMB stream */ + if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) + return False; + return True; } - /******************************************************************* - samr_reply_enum_dom_users + api_samr_lookup_names ********************************************************************/ -static BOOL samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u, - prs_struct *rdata) -{ - SAMR_R_ENUM_DOM_USERS r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; - int total_entries; - - ZERO_STRUCT(r_e); - r_e.status = 0x0; - r_e.total_num_entries = 0; - - /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } +static BOOL api_samr_lookup_names(pipes_struct *p) +{ + SAMR_Q_LOOKUP_NAMES q_u; + SAMR_R_LOOKUP_NAMES r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__)); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - become_root(); - get_sampwd_entries(pass, 0, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask); - unbecome_root(); + /* grab the samr lookup names */ + if(!samr_io_q_lookup_names("", &q_u, data, 0)) + return False; - init_samr_r_enum_dom_users(&r_e, total_entries, - q_u->unknown_0, num_entries, - pass, r_e.status); + r_u.status = _samr_lookup_names(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_users("", &r_e, rdata, 0)) + if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_enum_dom_users + api_samr_chgpasswd_user 
********************************************************************/ -static BOOL api_samr_enum_dom_users(pipes_struct *p) + +static BOOL api_samr_chgpasswd_user(pipes_struct *p) { - SAMR_Q_ENUM_DOM_USERS q_e; + SAMR_Q_CHGPASSWD_USER q_u; + SAMR_R_CHGPASSWD_USER r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr open */ - if(!samr_io_q_enum_dom_users("", &q_e, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* unknown 38 command */ + if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n")); return False; + } - /* construct reply. */ - if(!samr_reply_enum_dom_users(&q_e, rdata)) + r_u.status = _samr_chgpasswd_user(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER.\n" )); return False; + } return True; } /******************************************************************* - samr_reply_enum_dom_groups + api_samr_lookup_rids ********************************************************************/ -static BOOL samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, - prs_struct *rdata) -{ - SAMR_R_ENUM_DOM_GROUPS r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; - BOOL got_grps; - char *dummy_group = "Domain Admins"; - - ZERO_STRUCT(r_e); - - r_e.status = 0x0; - r_e.num_entries = 0; - /* find the policy handle. open a policy on it. 
*/ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } +static BOOL api_samr_lookup_rids(pipes_struct *p) +{ + SAMR_Q_LOOKUP_RIDS q_u; + SAMR_R_LOOKUP_RIDS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - got_grps = True; - num_entries = 1; - ZERO_STRUCTP(&pass[0]); - init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)+1); - pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; + /* grab the samr lookup names */ + if(!samr_io_q_lookup_rids("", &q_u, data, 0)) + return False; - if (r_e.status == 0 && got_grps) - { - init_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status); - } + r_u.status = _samr_lookup_rids(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_groups("", &r_e, rdata, 0)) + if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_enum_dom_groups + api_samr_open_user ********************************************************************/ -static BOOL api_samr_enum_dom_groups(pipes_struct *p) + +static BOOL api_samr_open_user(pipes_struct *p) { - SAMR_Q_ENUM_DOM_GROUPS q_e; + SAMR_Q_OPEN_USER q_u; + SAMR_R_OPEN_USER r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr open */ - if(!samr_io_q_enum_dom_groups("", &q_e, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 22 */ + if(!samr_io_q_open_user("", &q_u, data, 0)) return False; - /* construct reply. 
*/ - if(!samr_reply_enum_dom_groups(&q_e, rdata)) + r_u.status = _api_samr_open_user(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_open_user("", &r_u, rdata, 0)) return False; + DEBUG(5,("samr_open_user: %d\n", __LINE__)); + return True; } /******************************************************************* - samr_reply_enum_dom_aliases + api_samr_query_userinfo ********************************************************************/ -static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, - prs_struct *rdata) + +static BOOL api_samr_query_userinfo(pipes_struct *p) { - SAMR_R_ENUM_DOM_ALIASES r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries = 0; - DOM_SID sid; - fstring sid_str; - fstring sam_sid_str; - struct group *grp; - - ZERO_STRUCT(r_e); + SAMR_Q_QUERY_USERINFO q_u; + SAMR_R_QUERY_USERINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) - { - r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - sid_to_string(sid_str, &sid); - sid_to_string(sam_sid_str, &global_sam_sid); - - DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - - /* well-known aliases */ - if (strequal(sid_str, "S-1-5-32")) - { - char *name; - while (!lp_hide_local_users() && - num_entries < MAX_SAM_ENTRIES && - ((name = builtin_alias_rids[num_entries].name) != NULL)) - { - init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1); - pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; - num_entries++; - } - } - else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users()) - { - char *name; - char *sep; - - sep = lp_winbind_separator(); - - /* local aliases */ - /* we return the UNIX groups here. 
This seems to be the right */ - /* thing to do, since NT member servers return their local */ - /* groups in the same situation. */ - setgrent(); - - while (num_entries < MAX_SAM_ENTRIES && ((grp = getgrent()) != NULL)) - { - int i; - uint32 trid; - name = grp->gr_name; - - /* Don't return winbind groups as they are not local! */ - - if (strchr(name, *sep) != NULL) { - continue; - } - - trid = pdb_gid_to_group_rid(grp->gr_gid); - for( i = 0; i < num_entries; i++) - if ( pass[i].user_rid == trid ) break; - if ( i < num_entries ) - continue; /* rid was there, dup! */ - - init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1); - pass[num_entries].user_rid = trid; - num_entries++; - } - - endgrent(); - } - - init_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + /* grab the samr unknown 24 */ + if(!samr_io_q_query_userinfo("", &q_u, data, 0)) + return False; + + r_u.status = _samr_query_userinfo(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_aliases("", &r_e, rdata, 0)) + if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__)); - return True; } /******************************************************************* - api_samr_enum_dom_aliases + api_samr_query_usergroups ********************************************************************/ -static BOOL api_samr_enum_dom_aliases(pipes_struct *p) + +static BOOL api_samr_query_usergroups(pipes_struct *p) { - SAMR_Q_ENUM_DOM_ALIASES q_e; + SAMR_Q_QUERY_USERGROUPS q_u; + SAMR_R_QUERY_USERGROUPS r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_e); - /* grab the samr open */ - if(!samr_io_q_enum_dom_aliases("", &q_e, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 32 */ + if(!samr_io_q_query_usergroups("", &q_u, data, 0)) return False; - /* construct reply. 
*/ - if(!samr_reply_enum_dom_aliases(&q_e, rdata)) + r_u.status = _samr_query_usergroups(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) { return False; + } return True; } - /******************************************************************* - samr_reply_query_dispinfo + api_samr_query_dom_info ********************************************************************/ -static BOOL samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u, prs_struct *rdata) -{ - SAMR_R_QUERY_DISPINFO r_e; - SAM_INFO_CTR ctr; - SAM_INFO_1 info1; - SAM_INFO_2 info2; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries = 0; - int total_entries = 0; - BOOL got_pwds; - uint16 switch_level = 0x0; - - ZERO_STRUCT(r_e); - - DEBUG(5,("samr_reply_query_dispinfo: %d\n", __LINE__)); - - /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - DEBUG(5,("samr_reply_query_dispinfo: invalid handle\n")); - } - - if (r_e.status == 0x0) - { - /* decide how many entries to get depending on the max_entries - and max_size passed by client */ - uint32 retsize; - - if(q_u->max_entries > MAX_SAM_ENTRIES) - q_u->max_entries = MAX_SAM_ENTRIES; - - retsize = (q_u->max_entries * (sizeof(SAM_ENTRY1)+sizeof(SAM_STR1))) - + 3*sizeof(uint32); - - if(retsize > q_u->max_size) - { - /* determine max_entries based on max_size */ - q_u->max_entries = (q_u->max_size - 3*sizeof(uint32)) / - (sizeof(SAM_ENTRY1)+sizeof(SAM_STR1)); - q_u->max_entries = (q_u->max_entries>0?q_u->max_entries:1); - } - - DEBUG(10,("samr_reply_query_dispinfo: Setting q_u->max_entries to %u\n",q_u->max_entries)); - - become_root(); - got_pwds = get_passwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, q_u->max_entries, 0); - unbecome_root(); - - /* more left - set resume handle */ - if(total_entries > num_entries) - { - r_e.status = 0x105; - } 
- - switch (q_u->switch_level) - { - case 0x1: - { - - /* query disp info is for users */ - ZERO_STRUCT (info1); - switch_level = 0x1; - init_sam_info_1(&info1, ACB_NORMAL, - q_u->start_idx, num_entries, pass); - - ctr.sam.info1 = &info1; - - break; - } - case 0x2: - { - /* query disp info is for servers */ - ZERO_STRUCT (info2); - switch_level = 0x2; - init_sam_info_2(&info2, ACB_WSTRUST, - q_u->start_idx, num_entries, pass); - - ctr.sam.info2 = &info2; - - break; - } - } - } - - /* more left - set resume handle */ - if(total_entries > num_entries) - { - r_e.status = 0x105; - } - - if (r_e.status == 0 || r_e.status == 0x105) - { - init_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status); - } - - /* store the response in the SMB stream */ - if(!samr_io_r_query_dispinfo("", &r_e, rdata, 0)) - return False; - - DEBUG(5,("samr_query_dispinfo: %d\n", __LINE__)); - - return True; -} -/******************************************************************* - api_samr_query_dispinfo - ********************************************************************/ -static BOOL api_samr_query_dispinfo(pipes_struct *p) -{ - SAMR_Q_QUERY_DISPINFO q_e; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - /* grab the samr open */ - if(!samr_io_q_query_dispinfo("", &q_e, data, 0)) - return False; - - /* construct reply. */ - if(!samr_reply_query_dispinfo(&q_e, rdata)) - return False; - - return True; -} - - -/******************************************************************* - samr_reply_query_aliasinfo - ********************************************************************/ -static BOOL samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u, - prs_struct *rdata) -{ - SAMR_R_QUERY_ALIASINFO r_e; - fstring alias_desc = "Local Unix group"; - fstring alias=""; - enum SID_NAME_USE type; - uint32 alias_rid; - - ZERO_STRUCT(r_e); - - DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__)); - - /* find the policy handle. open a policy on it. 
*/ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - - alias_rid = get_lsa_policy_samr_rid(&q_u->pol); - if(alias_rid == 0xffffffff) - r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS; - - if(!local_lookup_rid(alias_rid, alias, &type)) - { - r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS; - } - - init_samr_r_query_aliasinfo(&r_e, q_u->switch_level, alias, alias_desc); - - /* store the response in the SMB stream */ - if(!samr_io_r_query_aliasinfo("", &r_e, rdata, 0)) - return False; - - DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__)); - - return True; -} - -/******************************************************************* - api_samr_query_aliasinfo - ********************************************************************/ -static BOOL api_samr_query_aliasinfo(pipes_struct *p) +static BOOL api_samr_query_dom_info(pipes_struct *p) { - SAMR_Q_QUERY_ALIASINFO q_e; + SAMR_Q_QUERY_DOMAIN_INFO q_u; + SAMR_R_QUERY_DOMAIN_INFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr open */ - if(!samr_io_q_query_aliasinfo("", &q_e, data, 0)) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* construct reply. 
*/ - if(!samr_reply_query_aliasinfo(&q_e, rdata)) + /* grab the samr unknown 8 command */ + if(!samr_io_q_query_dom_info("", &q_u, data, 0)) return False; - return True; -} - - -/******************************************************************* - samr_reply_lookup_ids - ********************************************************************/ -static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, - prs_struct *rdata) -{ - uint32 rid[MAX_SAM_ENTRIES]; - uint32 status = 0; - int num_rids = q_u->num_sids1; - - SAMR_R_LOOKUP_IDS r_u; - - DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); - - if (num_rids > MAX_SAM_ENTRIES) - { - num_rids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids)); - } - -#if 0 - int i; - SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids); - - for (i = 0; i < num_rids && status == 0; i++) - { - SAM_ACCOUNT *sam_pass; - fstring user_name; - - - fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer, - q_u->uni_user_name[i].uni_str_len)); - - /* find the user account */ - become_root(); - sam_pass = pdb_getsampwnam(user_name); - unbecome_root(); - - if (sam_pass == NULL) - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - rid[i] = 0; - } - else - { - rid[i] = pdb_get_user_rid(sam_pass); - } - } -#endif - - num_rids = 1; - rid[0] = BUILTIN_ALIAS_RID_USERS; - - init_samr_r_lookup_ids(&r_u, num_rids, rid, status); + r_u.status = _samr_query_dom_info(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_lookup_ids("", &r_u, rdata, 0)) - return False; - - DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); - - return True; -} - -/******************************************************************* - api_samr_lookup_ids - ********************************************************************/ -static BOOL api_samr_lookup_ids(pipes_struct *p) -{ - SAMR_Q_LOOKUP_IDS q_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - /* grab the samr 0x10 */ - if(!samr_io_q_lookup_ids("", 
&q_u, data, 0)) + if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) return False; - /* construct reply. always indicate success */ - if(!samr_reply_lookup_ids(&q_u, rdata)) - return False; + DEBUG(5,("api_samr_query_dom_info: %d\n", __LINE__)); return True; } /******************************************************************* - samr_reply_lookup_names - ********************************************************************/ - -static BOOL samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, - prs_struct *rdata) -{ - uint32 rid[MAX_SAM_ENTRIES]; - enum SID_NAME_USE type[MAX_SAM_ENTRIES]; - uint32 status = 0; - int i; - int num_rids = q_u->num_names1; - DOM_SID pol_sid; - - SAMR_R_LOOKUP_NAMES r_u; - - DEBUG(5,("samr_lookup_names: %d\n", __LINE__)); - - ZERO_ARRAY(rid); - ZERO_ARRAY(type); - - if (!get_lsa_policy_samr_sid(&q_u->pol, &pol_sid)) { - status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH; - init_samr_r_lookup_names(&r_u, 0, rid, type, status); - if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) { - DEBUG(0,("samr_reply_lookup_names: failed to marshall SAMR_R_LOOKUP_NAMES.\n")); - return False; - } - return True; - } - - if (num_rids > MAX_SAM_ENTRIES) { - num_rids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids)); - } - - SMB_ASSERT_ARRAY(q_u->uni_name, num_rids); - - for (i = 0; i < num_rids; i++) { - fstring name; - - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - rid [i] = 0xffffffff; - type[i] = SID_NAME_UNKNOWN; - - fstrcpy(name, dos_unistrn2(q_u->uni_name[i].buffer, - q_u->uni_name[i].uni_str_len)); - - if(sid_equal(&pol_sid, &global_sam_sid)) - { - DOM_SID sid; - if(local_lookup_name(global_myname, name, - &sid, &type[i])) - { - sid_split_rid( &sid, &rid[i]); - status = 0; - } - } - } - - init_samr_r_lookup_names(&r_u, num_rids, rid, type, status); - - /* store the response in the SMB stream */ - if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) { - DEBUG(0,("samr_reply_lookup_names: failed to marshall 
SAMR_R_LOOKUP_NAMES.\n")); - return False; - } - - DEBUG(5,("samr_lookup_names: %d\n", __LINE__)); - - return True; -} - -/******************************************************************* - api_samr_lookup_names + api_samr_create_user ********************************************************************/ -static BOOL api_samr_lookup_names(pipes_struct *p) +static BOOL api_samr_create_user(pipes_struct *p) { - SAMR_Q_LOOKUP_NAMES q_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - memset(&q_u, '\0', sizeof(q_u)); + SAMR_Q_CREATE_USER q_u; + SAMR_R_CREATE_USER r_u; - /* grab the samr lookup names */ - if(!samr_io_q_lookup_names("", &q_u, data, 0)) { - DEBUG(0,("api_samr_lookup_names: failed to unmarshall SAMR_Q_LOOKUP_NAMES.\n")); - return False; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* construct reply. always indicate success */ - if(!samr_reply_lookup_names(&q_u, rdata)) + /* grab the samr create user */ + if (!samr_io_q_create_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n")); return False; - - return True; -} - -/******************************************************************* - samr_reply_chgpasswd_user - ********************************************************************/ - -static BOOL samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u, - prs_struct *rdata) -{ - SAMR_R_CHGPASSWD_USER r_u; - uint32 status = 0x0; - fstring user_name; - fstring wks; - - fstrcpy(user_name, dos_unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len)); - fstrcpy(wks , dos_unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len)); - - DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks)); - - if (!pass_oem_change(user_name, - q_u->lm_newpass.pass, q_u->lm_oldhash.hash, - q_u->nt_newpass.pass, q_u->nt_oldhash.hash)) - { - status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD; } - init_samr_r_chgpasswd_user(&r_u, status); + 
r_u.status=_api_samr_create_user(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) { - DEBUG(0,("samr_reply_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER struct.\n" )); + if(!samr_io_r_create_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n")); return False; } - DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__)); return True; } /******************************************************************* - api_samr_chgpasswd_user + api_samr_connect_anon ********************************************************************/ -static BOOL api_samr_chgpasswd_user(pipes_struct *p) +static BOOL api_samr_connect_anon(pipes_struct *p) { - SAMR_Q_CHGPASSWD_USER q_u; + SAMR_Q_CONNECT_ANON q_u; + SAMR_R_CONNECT_ANON r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* unknown 38 command */ - if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) { - DEBUG(0,("api_samr_chgpasswd_user: samr_io_q_chgpasswd_user failed to parse RPC packet.\n")); - return False; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* construct reply. 
*/ - if(!samr_reply_chgpasswd_user(&q_u, rdata)) { - DEBUG(0,("api_samr_chgpasswd_user: samr_reply_chgpasswd_user failed to create reply packet.\n")); + /* grab the samr open policy */ + if(!samr_io_q_connect_anon("", &q_u, data, 0)) return False; - } - - return True; -} - - -/******************************************************************* - samr_reply_unknown_38 - ********************************************************************/ -static BOOL samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u, prs_struct *rdata) -{ - SAMR_R_UNKNOWN_38 r_u; - - DEBUG(5,("samr_unknown_38: %d\n", __LINE__)); - init_samr_r_unknown_38(&r_u); + r_u.status = _samr_connect_anon(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_unknown_38("", &r_u, rdata, 0)) + if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) return False; - DEBUG(5,("samr_unknown_38: %d\n", __LINE__)); return True; } /******************************************************************* - api_samr_unknown_38 + api_samr_connect ********************************************************************/ -static BOOL api_samr_unknown_38(pipes_struct *p) + +static BOOL api_samr_connect(pipes_struct *p) { - SAMR_Q_UNKNOWN_38 q_u; + SAMR_Q_CONNECT q_u; + SAMR_R_CONNECT r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* unknown 38 command */ - if(!samr_io_q_unknown_38("", &q_u, data, 0)) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* construct reply. 
always indicate success */ - if(!samr_reply_unknown_38(&q_u, rdata)) + /* grab the samr open policy */ + if(!samr_io_q_connect("", &q_u, data, 0)) return False; - return True; -} - - -/******************************************************************* - samr_reply_lookup_rids - ********************************************************************/ -static BOOL samr_reply_lookup_rids(SAMR_Q_LOOKUP_RIDS *q_u, - prs_struct *rdata) -{ - fstring group_names[MAX_SAM_ENTRIES]; - uint32 group_attrs[MAX_SAM_ENTRIES]; - uint32 status = 0; - int num_gids = q_u->num_gids1; - - SAMR_R_LOOKUP_RIDS r_u; - - DEBUG(5,("samr_reply_lookup_rids: %d\n", __LINE__)); - - /* find the policy handle. open a policy on it. */ - if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - - if (status == 0x0) - { - int i; - if (num_gids > MAX_SAM_ENTRIES) - { - num_gids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_reply_lookup_rids: truncating entries to %d\n", num_gids)); - } - - for (i = 0; i < num_gids && status == 0; i++) - { - fstrcpy(group_names[i], "dummy group"); - group_attrs[i] = 0x2; - } - } - - init_samr_r_lookup_rids(&r_u, num_gids, group_names, group_attrs, status); + r_u.status = _samr_connect(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) - return False; - - DEBUG(5,("samr_reply_lookup_rids: %d\n", __LINE__)); - - return True; -} - -/******************************************************************* - api_samr_lookup_rids - ********************************************************************/ -static BOOL api_samr_lookup_rids(pipes_struct *p) -{ - SAMR_Q_LOOKUP_RIDS q_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - /* grab the samr lookup names */ - if(!samr_io_q_lookup_rids("", &q_u, data, 0)) - return False; - - /* construct reply. 
always indicate success */ - if(!samr_reply_lookup_rids(&q_u, rdata)) + if(!samr_io_r_connect("", &r_u, rdata, 0)) return False; return True; } +/********************************************************************** + api_samr_lookup_domain + **********************************************************************/ -/******************************************************************* - _api_samr_open_user - ********************************************************************/ -static uint32 _api_samr_open_user(POLICY_HND domain_pol, uint32 user_rid, POLICY_HND *user_pol) -{ - SAM_ACCOUNT *sam_pass; - DOM_SID sid; - - /* find the domain policy handle. */ - if (find_lsa_policy_by_hnd(&domain_pol) == -1) - return NT_STATUS_INVALID_HANDLE; - - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(user_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - become_root(); - sam_pass = pdb_getsampwrid(user_rid); - unbecome_root(); - - /* check that the RID exists in our domain. */ - if (sam_pass == NULL) { - close_lsa_policy_hnd(user_pol); - return NT_STATUS_NO_SUCH_USER; - } - - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&domain_pol, &sid)) { - close_lsa_policy_hnd(user_pol); - return NT_STATUS_INVALID_HANDLE; - } - - /* append the user's RID to it */ - if(!sid_append_rid(&sid, user_rid)) { - close_lsa_policy_hnd(user_pol); - return NT_STATUS_NO_SUCH_USER; - } - - /* associate the user's SID with the handle. */ - if (!set_lsa_policy_samr_sid(user_pol, &sid)) { - /* oh, whoops. 
don't know what error message to return, here */ - close_lsa_policy_hnd(user_pol); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } - - return NT_STATUS_NO_PROBLEMO; -} - -/******************************************************************* - api_samr_open_user - ********************************************************************/ -static BOOL api_samr_open_user(pipes_struct *p) +static BOOL api_samr_lookup_domain(pipes_struct *p) { - SAMR_Q_OPEN_USER q_u; - SAMR_R_OPEN_USER r_u; + SAMR_Q_LOOKUP_DOMAIN q_u; + SAMR_R_LOOKUP_DOMAIN r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - + ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr unknown 22 */ - if(!samr_io_q_open_user("", &q_u, data, 0)) - return False; - - r_u.status = _api_samr_open_user(q_u.domain_pol, q_u.user_rid, &r_u.user_pol); - - /* store the response in the SMB stream */ - if(!samr_io_r_open_user("", &r_u, rdata, 0)) - return False; - - DEBUG(5,("samr_open_user: %d\n", __LINE__)); - - return True; -} - -/************************************************************************* - get_user_info_10 - *************************************************************************/ -static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) -{ - SAM_ACCOUNT *sampass; - - if (!pdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); + if(!samr_io_q_lookup_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n")); return False; } - become_root(); - sampass = pdb_getsampwrid(user_rid); - unbecome_root(); - - if (sampass == NULL) - { - DEBUG(4,("User 0x%x not found\n", user_rid)); + r_u.status = _samr_lookup_domain(p, &q_u, &r_u); + + if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){ + DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n")); return False; } - - DEBUG(3,("User:[%s]\n", pdb_get_username(sampass))); - - init_sam_user_info10(id10, 
pdb_get_acct_ctrl(sampass)); - + return True; } -/************************************************************************* - get_user_info_21 - *************************************************************************/ -static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) +/********************************************************************** + api_samr_enum_domains + **********************************************************************/ + +static BOOL api_samr_enum_domains(pipes_struct *p) { - SAM_ACCOUNT *sam_pass; + SAMR_Q_ENUM_DOMAINS q_u; + SAMR_R_ENUM_DOMAINS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (!pdb_rid_is_user(user_rid)) - { - DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); + if(!samr_io_q_enum_domains("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n")); return False; } - become_root(); - sam_pass = pdb_getsampwrid(user_rid); - unbecome_root(); + r_u.status = _samr_enum_domains(p, &q_u, &r_u); - if (sam_pass == NULL) - { - DEBUG(4,("User 0x%x not found\n", user_rid)); + if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n")); return False; } - - DEBUG(3,("User:[%s]\n", pdb_get_username(sam_pass))); - - init_sam_user_info21(id21, sam_pass); - + return True; } /******************************************************************* - samr_reply_query_userinfo + api_samr_open_alias ********************************************************************/ -static BOOL samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u, - prs_struct *rdata) -{ - SAMR_R_QUERY_USERINFO r_u; -#if 0 - SAM_USER_INFO_11 id11; -#endif - SAM_USER_INFO_10 id10; - SAM_USER_INFO_21 id21; - void *info = NULL; - - uint32 status = 0x0; - uint32 rid = 0x0; - - DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__)); - - /* search for the handle */ - if 
(status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - status = NT_STATUS_INVALID_HANDLE; - } - - /* find the user's rid */ - if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff) - { - status = NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - DEBUG(5,("samr_reply_query_userinfo: rid:0x%x\n", rid)); - - /* ok! user info levels (there are lots: see MSDEV help), off we go... */ - if (status == 0x0) - { - switch (q_u->switch_value) - { - case 0x10: - { - info = (void*)&id10; - status = get_user_info_10(&id10, rid) ? 0 : NT_STATUS_NO_SUCH_USER; - break; - } -#if 0 -/* whoops - got this wrong. i think. or don't understand what's happening. */ - case 0x11: - { - NTTIME expire; - info = (void*)&id11; - - expire.low = 0xffffffff; - expire.high = 0x7fffffff; - - make_sam_user_info11(&id11, &expire, "BROOKFIELDS$", 0x03ef, 0x201, 0x0080); - - break; - } -#endif - case 21: - { - info = (void*)&id21; - status = get_user_info_21(&id21, rid) ? 0 : NT_STATUS_NO_SUCH_USER; - break; - } - - default: - { - status = NT_STATUS_INVALID_INFO_CLASS; - - break; - } - } - } - - init_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status); - /* store the response in the SMB stream */ - if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) - return False; - - DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__)); - - return True; -} - -/******************************************************************* - api_samr_query_userinfo - ********************************************************************/ -static BOOL api_samr_query_userinfo(pipes_struct *p) +static BOOL api_samr_open_alias(pipes_struct *p) { - SAMR_Q_QUERY_USERINFO q_u; + SAMR_Q_OPEN_ALIAS q_u; + SAMR_R_OPEN_ALIAS r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr unknown 24 */ - if(!samr_io_q_query_userinfo("", &q_u, data, 0)) - return False; + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* construct reply. 
always indicate success */ - if(!samr_reply_query_userinfo(&q_u, rdata)) + /* grab the samr open policy */ + if(!samr_io_q_open_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n")); return False; - - return True; -} - - -/******************************************************************* - samr_reply_query_usergroups - ********************************************************************/ -static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, - prs_struct *rdata) -{ - SAMR_R_QUERY_USERGROUPS r_u; - uint32 status = 0x0; - - SAM_ACCOUNT *sam_pass; - DOM_GID *gids = NULL; - int num_groups = 0; - uint32 rid; - - DEBUG(5,("samr_query_usergroups: %d\n", __LINE__)); - - /* find the policy handle. open a policy on it. */ - if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - - /* find the user's rid */ - if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff) - { - status = NT_STATUS_OBJECT_TYPE_MISMATCH; } - if (status == 0x0) - { - become_root(); - sam_pass = pdb_getsampwrid(rid); - unbecome_root(); - - if (sam_pass == NULL) - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - } - - if (status == 0x0) - { - pstring groups; - get_domain_user_groups(groups, pdb_get_username(sam_pass)); - gids = NULL; - num_groups = make_dom_gids(groups, &gids); - } - - /* construct the response. lkclXXXX: gids are not copied! 
*/ - init_samr_r_query_usergroups(&r_u, num_groups, gids, status); + r_u.status=_api_samr_open_alias(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) { - if (gids) - free((char *)gids); + if(!samr_io_r_open_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n")); return False; } - - if (gids) - free((char *)gids); - - DEBUG(5,("samr_query_usergroups: %d\n", __LINE__)); return True; } /******************************************************************* - api_samr_query_usergroups + api_samr_set_userinfo ********************************************************************/ -static BOOL api_samr_query_usergroups(pipes_struct *p) -{ - SAMR_Q_QUERY_USERGROUPS q_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - /* grab the samr unknown 32 */ - if(!samr_io_q_query_usergroups("", &q_u, data, 0)) - return False; - - /* construct reply. */ - if(!samr_reply_query_usergroups(&q_u, rdata)) - return False; - return True; -} - - -/******************************************************************* - api_samr_query_dom_info - ********************************************************************/ -static BOOL api_samr_query_dom_info(pipes_struct *p) +static BOOL api_samr_set_userinfo(pipes_struct *p) { - SAMR_Q_QUERY_DOMAIN_INFO q_u; - SAMR_R_QUERY_DOMAIN_INFO r_u; - SAM_UNK_CTR ctr; + SAMR_Q_SET_USERINFO q_u; + SAMR_R_SET_USERINFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - uint16 switch_value = 0x0; - uint32 status = 0x0; - ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - ZERO_STRUCT(ctr); - DEBUG(5,("api_samr_query_dom_info: %d\n", __LINE__)); - - /* grab the samr unknown 8 command */ - if(!samr_io_q_query_dom_info("", &q_u, data, 0)) + if (!samr_io_q_set_userinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n")); return False; - - /* find the policy 
handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&q_u.domain_pol) == -1) { - status = NT_STATUS_INVALID_HANDLE; - DEBUG(5,("api_samr_query_dom_info: invalid handle\n")); } - if (status == 0x0) { - switch (q_u.switch_value) { - case 0x01: - switch_value = 0x1; - init_unk_info1(&ctr.info.inf1); - break; - case 0x02: - switch_value = 0x2; - init_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname); - break; - case 0x03: - switch_value = 0x3; - init_unk_info3(&ctr.info.inf3); - break; - case 0x06: - switch_value = 0x6; - init_unk_info6(&ctr.info.inf6); - break; - case 0x07: - switch_value = 0x7; - init_unk_info7(&ctr.info.inf7); - break; - case 0x0c: - switch_value = 0xc; - init_unk_info12(&ctr.info.inf12); - break; - default: - status = NT_STATUS_INVALID_INFO_CLASS; - break; - } - } - - init_samr_r_query_dom_info(&r_u, switch_value, &ctr, status); + r_u.status = _samr_set_userinfo(p, &q_u, &r_u); - /* store the response in the SMB stream */ - if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) + if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n")); return False; - - DEBUG(5,("api_samr_query_dom_info: %d\n", __LINE__)); + } return True; } - /******************************************************************* - _api_samr_create_user + api_samr_set_userinfo2 ********************************************************************/ -static BOOL _api_samr_create_user(POLICY_HND dom_pol, UNISTR2 user_account, uint32 acb_info, uint32 access_mask, - POLICY_HND *user_pol, uint32 *unknown0, uint32 *user_rid) -{ - SAM_ACCOUNT *sam_pass; - fstring mach_acct; - pstring err_str; - pstring msg_str; - int local_flags=0; - DOM_SID sid; - - /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&dom_pol) == -1) - return NT_STATUS_INVALID_HANDLE; - - /* find the machine account: tell the caller if it exists. 
- lkclXXXX i have *no* idea if this is a problem or not - or even if you are supposed to construct a different - reply if the account already exists... - */ - - fstrcpy(mach_acct, dos_unistrn2(user_account.buffer, user_account.uni_str_len)); - strlower(mach_acct); - - become_root(); - sam_pass = pdb_getsampwnam(mach_acct); - unbecome_root(); - if (sam_pass != NULL) - { - /* machine account exists: say so */ - return NT_STATUS_USER_EXISTS; - } - - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(user_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD; - local_flags|= (acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0; - - /* - * NB. VERY IMPORTANT ! This call must be done as the current pipe user, - * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures - * that only people with write access to the smbpasswd file will be able - * to create a user. JRA. - */ - - /* add the user in the /etc/passwd file or the unix authority system */ - if (lp_adduser_script()) - smb_create_user(mach_acct,NULL); - - /* add the user in the smbpasswd file or the Samba authority database */ - if (!local_password_change(mach_acct, local_flags, NULL, err_str, - sizeof(err_str), msg_str, sizeof(msg_str))) - { - DEBUG(0, ("%s\n", err_str)); - close_lsa_policy_hnd(user_pol); - return NT_STATUS_ACCESS_DENIED; - } - become_root(); - sam_pass = pdb_getsampwnam(mach_acct); - unbecome_root(); - if (sam_pass == NULL) { - /* account doesn't exist: say so */ - close_lsa_policy_hnd(user_pol); - return NT_STATUS_ACCESS_DENIED; - } - - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&dom_pol, &sid)) { - close_lsa_policy_hnd(user_pol); - return NT_STATUS_INVALID_HANDLE; - } - - /* append the user's RID to it */ - if(!sid_append_rid(&sid, sam_pass->user_rid)) { - close_lsa_policy_hnd(user_pol); - return NT_STATUS_NO_SUCH_USER; - } - - /* associate the RID with 
the (unique) handle. */ - if (!set_lsa_policy_samr_sid(user_pol, &sid)) { - /* oh, whoops. don't know what error message to return, here */ - close_lsa_policy_hnd(user_pol); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } - - *unknown0 = 0x000703ff; - *user_rid = pdb_get_user_rid(sam_pass); - - return NT_STATUS_NO_PROBLEMO; -} - -/******************************************************************* - api_samr_create_user - ********************************************************************/ -static BOOL api_samr_create_user(pipes_struct *p) +static BOOL api_samr_set_userinfo2(pipes_struct *p) { + SAMR_Q_SET_USERINFO2 q_u; + SAMR_R_SET_USERINFO2 r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - SAMR_Q_CREATE_USER q_u; - SAMR_R_CREATE_USER r_u; - ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr create user */ - if (!samr_io_q_create_user("", &q_u, data, 0)) { - DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n")); + if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n")); return False; } - r_u.status=_api_samr_create_user(q_u.pol, q_u.uni_mach_acct, q_u.acb_info, q_u.access_mask, - &r_u.pol, &r_u.unknown_0, &r_u.user_rid); + r_u.status = _samr_set_userinfo2(p, &q_u, &r_u); - /* store the response in the SMB stream */ - if(!samr_io_r_create_user("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n")); + if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n")); return False; } return True; } - /******************************************************************* - samr_reply_connect_anon + api_samr_query_useraliases ********************************************************************/ -static BOOL samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u, prs_struct *rdata) -{ - SAMR_R_CONNECT_ANON r_u; - BOOL pol_open 
= False; - /* set up the SAMR connect_anon response */ +static BOOL api_samr_query_useraliases(pipes_struct *p) +{ + SAMR_Q_QUERY_USERALIASES q_u; + SAMR_R_QUERY_USERALIASES r_u; - r_u.status = 0x0; - /* get a (unique) handle. open a policy on it. */ - if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol)))) - { - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* associate the domain SID with the (unique) handle. */ - if (r_u.status == 0x0 && !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), q_u->unknown_0)) - { - /* oh, whoops. don't know what error message to return, here */ - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (r_u.status != 0 && pol_open) - { - close_lsa_policy_hnd(&(r_u.connect_pol)); + if (!samr_io_q_query_useraliases("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_useraliases: Unable to unmarshall SAMR_Q_QUERY_USERALIASES.\n")); + return False; } - DEBUG(5,("samr_connect_anon: %d\n", __LINE__)); + r_u.status = _samr_query_useraliases(p, &q_u, &r_u); - /* store the response in the SMB stream */ - if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) + if (! 
samr_io_r_query_useraliases("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_useraliases: Unable to nmarshall SAMR_R_QUERY_USERALIASES.\n")); return False; - - DEBUG(5,("samr_connect_anon: %d\n", __LINE__)); + } return True; } /******************************************************************* - api_samr_connect_anon + api_samr_query_aliasmem ********************************************************************/ -static BOOL api_samr_connect_anon(pipes_struct *p) + +static BOOL api_samr_query_aliasmem(pipes_struct *p) { - SAMR_Q_CONNECT_ANON q_u; + SAMR_Q_QUERY_ALIASMEM q_u; + SAMR_R_QUERY_ALIASMEM r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr open policy */ - if(!samr_io_q_connect_anon("", &q_u, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) { return False; + } + + r_u.status = _samr_query_aliasmem(p, &q_u, &r_u); - /* construct reply. always indicate success */ - if(!samr_reply_connect_anon(&q_u, rdata)) + if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) { return False; + } return True; } /******************************************************************* - samr_reply_connect + api_samr_query_groupmem ********************************************************************/ -static BOOL samr_reply_connect(SAMR_Q_CONNECT *q_u, prs_struct *rdata) -{ - SAMR_R_CONNECT r_u; - BOOL pol_open = False; - /* set up the SAMR connect response */ +static BOOL api_samr_query_groupmem(pipes_struct *p) +{ + SAMR_Q_QUERY_GROUPMEM q_u; + SAMR_R_QUERY_GROUPMEM r_u; - r_u.status = 0x0; - /* get a (unique) handle. open a policy on it. */ - if (r_u.status == 0x0 && !(pol_open = open_lsa_policy_hnd(&(r_u.connect_pol)))) - { - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - /* associate the domain SID with the (unique) handle. 
*/ - if (r_u.status == 0x0 && - !set_lsa_policy_samr_pol_status(&(r_u.connect_pol), - q_u->access_mask)) - { - /* oh, whoops. don't know what error message to return, here */ - r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND; - } + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (r_u.status != 0 && pol_open) - { - close_lsa_policy_hnd(&(r_u.connect_pol)); + if (!samr_io_q_query_groupmem("", &q_u, data, 0)) { + return False; } - DEBUG(5,("samr_connect: %d\n", __LINE__)); + r_u.status = _samr_query_groupmem(p, &q_u, &r_u); - /* store the response in the SMB stream */ - if(!samr_io_r_connect("", &r_u, rdata, 0)) + if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) { return False; - - DEBUG(5,("samr_connect: %d\n", __LINE__)); + } return True; } /******************************************************************* - api_samr_connect + api_samr_add_aliasmem ********************************************************************/ -static BOOL api_samr_connect(pipes_struct *p) + +static BOOL api_samr_add_aliasmem(pipes_struct *p) { - SAMR_Q_CONNECT q_u; + SAMR_Q_ADD_ALIASMEM q_u; + SAMR_R_ADD_ALIASMEM r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - /* grab the samr open policy */ - if(!samr_io_q_connect("", &q_u, data, 0)) + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) { return False; + } - /* construct reply. 
always indicate success */ - if(!samr_reply_connect(&q_u, rdata)) + r_u.status = _samr_add_aliasmem(p, &q_u, &r_u); + + if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) { return False; + } return True; } - -/********************************************************************** - api_samr_lookup_domain - **********************************************************************/ -static BOOL api_samr_lookup_domain(pipes_struct *p) +/******************************************************************* + api_samr_del_aliasmem + ********************************************************************/ + +static BOOL api_samr_del_aliasmem(pipes_struct *p) { - SAMR_Q_LOOKUP_DOMAIN q_u; - SAMR_R_LOOKUP_DOMAIN r_u; + SAMR_Q_DEL_ALIASMEM q_u; + SAMR_R_DEL_ALIASMEM r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - + ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!samr_io_q_lookup_domain("", &q_u, data, 0)) { - DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n")); + if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) { return False; } - - r_u.status = 0x0; - if (find_lsa_policy_by_hnd(&q_u.connect_pol) == -1){ - r_u.status = NT_STATUS_INVALID_HANDLE; - DEBUG(5,("api_samr_lookup_domain: invalid handle\n")); - } - - /* assume the domain name sent is our global_myname and - send global_sam_sid */ - init_samr_r_lookup_domain(&r_u, &global_sam_sid, r_u.status); - - if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){ - DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n")); + r_u.status = _samr_del_aliasmem(p, &q_u, &r_u); + + if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) { return False; } - + return True; } -/********************************************************************** - api_samr_enum_domains - **********************************************************************/ -static BOOL api_samr_enum_domains(pipes_struct *p) +/******************************************************************* + 
api_samr_add_groupmem + ********************************************************************/ + +static BOOL api_samr_add_groupmem(pipes_struct *p) { - SAMR_Q_ENUM_DOMAINS q_u; - SAMR_R_ENUM_DOMAINS r_u; + SAMR_Q_ADD_GROUPMEM q_u; + SAMR_R_ADD_GROUPMEM r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - - fstring dom[2]; ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - fstrcpy(dom[0],global_myworkgroup); - fstrcpy(dom[1],"Builtin"); - - if(!samr_io_q_enum_domains("", &q_u, data, 0)) { - DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n")); + if (!samr_io_q_add_groupmem("", &q_u, data, 0)) { return False; } - r_u.status = NT_STATUS_NO_PROBLEMO; - - init_samr_r_enum_domains(&r_u, q_u.start_idx, dom, 2); + r_u.status = _samr_add_groupmem(p, &q_u, &r_u); - if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n")); - free(r_u.sam); - free(r_u.uni_dom_name); + if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) { return False; } - free(r_u.sam); - free(r_u.uni_dom_name); - return True; } - /******************************************************************* - api_samr_open_alias + api_samr_del_groupmem ********************************************************************/ -static uint32 _api_samr_open_alias(POLICY_HND domain_pol, uint32 alias_rid, POLICY_HND *alias_pol) + +static BOOL api_samr_del_groupmem(pipes_struct *p) { - DOM_SID sid; - - /* get the domain policy. */ - if (find_lsa_policy_by_hnd(&domain_pol) == -1) - return NT_STATUS_INVALID_HANDLE; - - /* get a (unique) handle. open a policy on it. 
*/ - if (!open_lsa_policy_hnd(alias_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&domain_pol, &sid)) { - close_lsa_policy_hnd(alias_pol); - return NT_STATUS_INVALID_HANDLE; - } + SAMR_Q_DEL_GROUPMEM q_u; + SAMR_R_DEL_GROUPMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - /* append the alias' RID to it */ - if(!sid_append_rid(&sid, alias_rid)) { - close_lsa_policy_hnd(alias_pol); - return NT_STATUS_NO_SUCH_USER; + if (!samr_io_q_del_groupmem("", &q_u, data, 0)) { + return False; } - /* associate a RID with the (unique) handle. */ - if (!set_lsa_policy_samr_sid(alias_pol, &sid)) { - /* oh, whoops. don't know what error message to return, here */ - close_lsa_policy_hnd(alias_pol); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + r_u.status = _samr_del_groupmem(p, &q_u, &r_u); + + if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) { + return False; } - return NT_STATUS_NO_PROBLEMO; + return True; } /******************************************************************* - api_samr_open_alias + api_samr_delete_dom_user ********************************************************************/ -static BOOL api_samr_open_alias(pipes_struct *p) + +static BOOL api_samr_delete_dom_user(pipes_struct *p) { - SAMR_Q_OPEN_ALIAS q_u; - SAMR_R_OPEN_ALIAS r_u; + SAMR_Q_DELETE_DOM_USER q_u; + SAMR_R_DELETE_DOM_USER r_u; + prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - /* grab the samr open policy */ - if(!samr_io_q_open_alias("", &q_u, data, 0)) { - DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n")); + if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) { return False; } - r_u.status=_api_samr_open_alias(q_u.dom_pol, q_u.rid_alias, &r_u.pol); + r_u.status = _samr_delete_dom_user(p, &q_u, &r_u); - /* store the response in the SMB stream 
*/ - if(!samr_io_r_open_alias("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n")); + if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) { return False; } - + return True; } /******************************************************************* - set_user_info_10 + api_samr_delete_dom_group ********************************************************************/ -static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) + +static BOOL api_samr_delete_dom_group(pipes_struct *p) { - SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAMR_Q_DELETE_DOM_GROUP q_u; + SAMR_R_DELETE_DOM_GROUP r_u; - if (id10 == NULL) { - DEBUG(5, ("set_user_info_10: NULL id10\n")); - return False; - } + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (pwd == NULL) + if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) { return False; + } - pdb_set_acct_ctrl(pwd, id10->acb_info); + r_u.status = _samr_delete_dom_group(p, &q_u, &r_u); - if(!pdb_update_sam_account(pwd, True)) + if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) { return False; + } return True; } /******************************************************************* - set_user_info_12 + api_samr_delete_dom_alias ********************************************************************/ -static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) + +static BOOL api_samr_delete_dom_alias(pipes_struct *p) { - SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAMR_Q_DELETE_DOM_ALIAS q_u; + SAMR_R_DELETE_DOM_ALIAS r_u; - if (pwd == NULL) - return False; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - if (id12 == NULL) { - DEBUG(2, ("set_user_info_12: id12 is NULL\n")); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) { return False; } - pdb_set_lanman_passwd (pwd, id12->lm_pwd); - pdb_set_nt_passwd (pwd, id12->nt_pwd); + r_u.status = 
_samr_delete_dom_alias(p, &q_u, &r_u); - if(!pdb_update_sam_account(pwd, True)) + if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) { return False; + } return True; } /******************************************************************* - set_user_info_21 + api_samr_create_dom_group ********************************************************************/ -static BOOL set_user_info_21 (SAM_USER_INFO_21 *id21, uint32 rid) + +static BOOL api_samr_create_dom_group(pipes_struct *p) { - SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); - SAM_ACCOUNT new_pwd; + SAMR_Q_CREATE_DOM_GROUP q_u; + SAMR_R_CREATE_DOM_GROUP r_u; - if (id21 == NULL) { - DEBUG(5, ("set_user_info_21: NULL id21\n")); - return False; - } + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (pwd == NULL) + if (!samr_io_q_create_dom_group("", &q_u, data, 0)) { return False; + } - /* we make a copy so that we can modify stuff */ - copy_sam_passwd(&new_pwd, pwd); - copy_id21_to_sam_passwd(&new_pwd, id21); - - /* - * The funny part about the previous two calls is - * that pwd still has the password hashes from the - * passdb entry. These have not been updated from - * id21. I don't know if they need to be set. 
--jerry - */ + r_u.status = _samr_create_dom_group(p, &q_u, &r_u); - /* write the change out */ - if(!pdb_update_sam_account(&new_pwd, True)) + if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) { return False; - + } + return True; } /******************************************************************* - set_user_info_23 + api_samr_create_dom_alias ********************************************************************/ -static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) -{ - SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); - SAM_ACCOUNT new_pwd; - BYTE nt_hash[16]; - BYTE lm_hash[16]; - pstring buf; - uint32 len; - if (id23 == NULL) { - DEBUG(5, ("set_user_info_23: NULL id23\n")); - return False; - } +static BOOL api_samr_create_dom_alias(pipes_struct *p) +{ + SAMR_Q_CREATE_DOM_ALIAS q_u; + SAMR_R_CREATE_DOM_ALIAS r_u; - if (pwd == NULL) - return False; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - copy_sam_passwd(&new_pwd, pwd); - copy_id23_to_sam_passwd(&new_pwd, id23); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len)) + if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) { return False; + } - nt_lm_owf_gen(buf, nt_hash, lm_hash); - - pdb_set_lanman_passwd (&new_pwd, lm_hash); - pdb_set_nt_passwd (&new_pwd, nt_hash); - - /* update the UNIX password */ - if (lp_unix_password_sync()) - if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True)) - return False; - - memset(buf, 0, sizeof(buf)); + r_u.status = _samr_create_dom_alias(p, &q_u, &r_u); - if(!pdb_update_sam_account(&new_pwd, True)) + if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) { return False; - + } + return True; } /******************************************************************* - set_user_info_24 + api_samr_query_groupinfo ********************************************************************/ -static BOOL set_user_info_24(const SAM_USER_INFO_24 *id24, uint32 rid) + +static BOOL 
api_samr_query_groupinfo(pipes_struct *p) { - SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); - uchar nt_hash[16]; - uchar lm_hash[16]; - uint32 len; - pstring buf; + SAMR_Q_QUERY_GROUPINFO q_u; + SAMR_R_QUERY_GROUPINFO r_u; - if (pwd == NULL) - return False; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - memset(buf, 0, sizeof(buf)); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len)) + if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) { return False; + } - DEBUG(0,("set_user_info_24:nt_lm_owf_gen\n")); - - nt_lm_owf_gen(buf, nt_hash, lm_hash); - - pdb_set_lanman_passwd (pwd, lm_hash); - pdb_set_nt_passwd (pwd, nt_hash); - - /* update the UNIX password */ - if (lp_unix_password_sync()) - if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) - return False; - - memset(buf, 0, sizeof(buf)); - - DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n")); + r_u.status = _samr_query_groupinfo(p, &q_u, &r_u); - /* update the SAMBA password */ - if(!pdb_update_sam_account(pwd, True)) + if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) { return False; + } return True; } /******************************************************************* - samr_reply_set_userinfo + api_samr_set_groupinfo ********************************************************************/ -static uint32 _samr_set_userinfo(POLICY_HND *pol, uint16 switch_value, - SAM_USERINFO_CTR *ctr, pipes_struct *p) -{ - uint32 rid = 0x0; - DOM_SID sid; - struct current_user user; - SAM_ACCOUNT *sam_pass; - unsigned char sess_key[16]; - - DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); - - if (p->ntlmssp_auth_validated) - { - memcpy(&user, &p->pipe_user, sizeof(user)); - } - else - { - extern struct current_user current_user; - memcpy(&user, ¤t_user, sizeof(user)); - } - /* search for the handle */ - if (find_lsa_policy_by_hnd(pol) == -1) - return NT_STATUS_INVALID_HANDLE; - - /* find the policy handle. open a policy on it. 
*/ - if (!get_lsa_policy_samr_sid(pol, &sid)) - return NT_STATUS_INVALID_HANDLE; +static BOOL api_samr_set_groupinfo(pipes_struct *p) +{ + SAMR_Q_SET_GROUPINFO q_u; + SAMR_R_SET_GROUPINFO r_u; - sid_split_rid(&sid, &rid); + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - DEBUG(5, ("_samr_set_userinfo: rid:0x%x, level:%d\n", rid, switch_value)); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (ctr == NULL) { - DEBUG(5, ("_samr_set_userinfo: NULL info level\n")); - return NT_STATUS_INVALID_INFO_CLASS; + if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) { + return False; } + r_u.status = _samr_set_groupinfo(p, &q_u, &r_u); - /* - * We need the NT hash of the user who is changing the user's password. - * This NT hash is used to generate a "user session key" - * This "user session key" is in turn used to encrypt/decrypt the user's password. - */ - - become_root(); - sam_pass = pdb_getsampwuid(user.uid); - unbecome_root(); - if(sam_pass == NULL) { - DEBUG(0,("_samr_set_userinfo: Unable to get passdb entry for uid %u\n", - (unsigned int)pdb_get_uid(sam_pass) )); - return NT_STATUS_ACCESS_DENIED; - } - - memset(sess_key, '\0', 16); - mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16); - - /* ok! user info levels (lots: see MSDEV help), off we go... 
*/ - switch (switch_value) { - case 0x12: - if (!set_user_info_12(ctr->info.id12, rid)) - return NT_STATUS_ACCESS_DENIED; - break; - - case 24: - SamOEMhash(ctr->info.id24->pass, sess_key, 1); - if (!set_user_info_24(ctr->info.id24, rid)) - return NT_STATUS_ACCESS_DENIED; - break; - - case 23: - SamOEMhash(ctr->info.id23->pass, sess_key, 1); - if (!set_user_info_23(ctr->info.id23, rid)) - return NT_STATUS_ACCESS_DENIED; - break; - - default: - return NT_STATUS_INVALID_INFO_CLASS; + if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) { + return False; } - return NT_STATUS_NOPROBLEMO; + return True; } /******************************************************************* - api_samr_set_userinfo + api_samr_get_dom_pwinfo ********************************************************************/ -static BOOL api_samr_set_userinfo(pipes_struct *p) + +static BOOL api_samr_get_dom_pwinfo(pipes_struct *p) { - SAMR_Q_SET_USERINFO q_u; - SAMR_R_SET_USERINFO r_u; + SAMR_Q_GET_DOM_PWINFO q_u; + SAMR_R_GET_DOM_PWINFO r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; - SAM_USERINFO_CTR ctr; - ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - q_u.ctr = &ctr; - - if (!samr_io_q_set_userinfo("", &q_u, data, 0)) { - DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n")); + if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) { return False; } - r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr, p); + r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u); - free_samr_q_set_userinfo(&q_u); - - if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n")); + if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) { return False; } 
@@ -2482,59 +1136,41 @@ static BOOL api_samr_set_userinfo(pipes_struct *p) } /******************************************************************* - samr_reply_set_userinfo2 + api_samr_open_group ********************************************************************/ -static uint32 _samr_set_userinfo2(POLICY_HND *pol, uint16 switch_value, SAM_USERINFO_CTR *ctr) -{ - DOM_SID sid; - uint32 rid = 0x0; - DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__)); - - /* search for the handle */ - if (find_lsa_policy_by_hnd(pol) == -1) - return NT_STATUS_INVALID_HANDLE; - - /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(pol, &sid)) - return NT_STATUS_INVALID_HANDLE; +static BOOL api_samr_open_group(pipes_struct *p) +{ + SAMR_Q_OPEN_GROUP q_u; + SAMR_R_OPEN_GROUP r_u; - sid_split_rid(&sid, &rid); + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; - DEBUG(5, ("samr_reply_set_userinfo2: rid:0x%x\n", rid)); + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); - if (ctr == NULL) { - DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n")); - return NT_STATUS_INVALID_INFO_CLASS; + if (!samr_io_q_open_group("", &q_u, data, 0)) { + return False; } - ctr->switch_value = switch_value; - - /* ok! user info levels (lots: see MSDEV help), off we go... 
*/ - switch (switch_value) { - case 21: - if (!set_user_info_21(ctr->info.id21, rid)) - return NT_STATUS_ACCESS_DENIED; - break; - case 16: - if (!set_user_info_10(ctr->info.id10, rid)) - return NT_STATUS_ACCESS_DENIED; - break; - default: - return NT_STATUS_INVALID_INFO_CLASS; + r_u.status = _samr_open_group(p, &q_u, &r_u); + + if (!samr_io_r_open_group("", &r_u, rdata, 0)) { + return False; } - return NT_STATUS_NOPROBLEMO; + return True; } /******************************************************************* - api_samr_set_userinfo2 + api_samr_unknown_2d ********************************************************************/ -static BOOL api_samr_set_userinfo2(pipes_struct *p) + +static BOOL api_samr_unknown_2d(pipes_struct *p) { - SAMR_Q_SET_USERINFO2 q_u; - SAMR_R_SET_USERINFO2 r_u; - SAM_USERINFO_CTR ctr; + SAMR_Q_UNKNOWN_2D q_u; + SAMR_R_UNKNOWN_2D r_u; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; 
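Review bot: The added api_samr_open_group returns False when samr_io_q_open_group or samr_io_r_open_group fails without logging anything, whereas the api_samr_query_useraliases wrapper earlier in this file logs a DEBUG(0) message on the same kind of failure. A malformed or truncated request on \PIPE\samr is then dropped with no trace in the server log. Suggest adding `DEBUG(0,("api_samr_open_group: Unable to unmarshall SAMR_Q_OPEN_GROUP.\n"));` before the first `return False;` and the matching marshall message before the second. api_samr_unknown_2d, which starts in this hunk and finishes in the next one, has the same gap.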
@@ -2542,31 +1178,77 @@ static BOOL api_samr_set_userinfo2(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - q_u.ctr = &ctr; - - if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) { - DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n")); + if (!samr_io_q_unknown_2d("", &q_u, data, 0)) { return False; } - r_u.status = _samr_set_userinfo2(&q_u.pol, q_u.switch_value, &ctr); - - free_samr_q_set_userinfo2(&q_u); + r_u.status = _samr_unknown_2d(p, &q_u, &r_u); - if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n")); + if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) { return False; } return True; } - /******************************************************************* array of \PIPE\samr operations ********************************************************************/ + static struct api_struct api_samr_cmds [] = { + {"SAMR_CLOSE_HND", SAMR_CLOSE_HND, api_samr_close_hnd}, + {"SAMR_CONNECT", SAMR_CONNECT, api_samr_connect}, + {"SAMR_CONNECT_ANON", SAMR_CONNECT_ANON, api_samr_connect_anon}, + {"SAMR_ENUM_DOMAINS", SAMR_ENUM_DOMAINS, api_samr_enum_domains}, + {"SAMR_ENUM_DOM_USERS", SAMR_ENUM_DOM_USERS, api_samr_enum_dom_users}, + + {"SAMR_ENUM_DOM_GROUPS", SAMR_ENUM_DOM_GROUPS, api_samr_enum_dom_groups}, + {"SAMR_ENUM_DOM_ALIASES", SAMR_ENUM_DOM_ALIASES, api_samr_enum_dom_aliases}, + {"SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases}, + {"SAMR_QUERY_ALIASMEM", SAMR_QUERY_ALIASMEM, api_samr_query_aliasmem}, + {"SAMR_QUERY_GROUPMEM", SAMR_QUERY_GROUPMEM, api_samr_query_groupmem}, + {"SAMR_ADD_ALIASMEM", SAMR_ADD_ALIASMEM, api_samr_add_aliasmem}, + {"SAMR_DEL_ALIASMEM", SAMR_DEL_ALIASMEM, api_samr_del_aliasmem}, + {"SAMR_ADD_GROUPMEM", SAMR_ADD_GROUPMEM, api_samr_add_groupmem}, + {"SAMR_DEL_GROUPMEM", SAMR_DEL_GROUPMEM, api_samr_del_groupmem}, + + {"SAMR_DELETE_DOM_USER", SAMR_DELETE_DOM_USER, api_samr_delete_dom_user}, + 
{"SAMR_DELETE_DOM_GROUP", SAMR_DELETE_DOM_GROUP, api_samr_delete_dom_group}, + {"SAMR_DELETE_DOM_ALIAS", SAMR_DELETE_DOM_ALIAS, api_samr_delete_dom_alias}, + {"SAMR_CREATE_DOM_GROUP", SAMR_CREATE_DOM_GROUP, api_samr_create_dom_group}, + {"SAMR_CREATE_DOM_ALIAS", SAMR_CREATE_DOM_ALIAS, api_samr_create_dom_alias}, + {"SAMR_LOOKUP_NAMES", SAMR_LOOKUP_NAMES, api_samr_lookup_names}, + {"SAMR_OPEN_USER", SAMR_OPEN_USER, api_samr_open_user}, + {"SAMR_QUERY_USERINFO", SAMR_QUERY_USERINFO, api_samr_query_userinfo}, + {"SAMR_SET_USERINFO", SAMR_SET_USERINFO, api_samr_set_userinfo}, + {"SAMR_SET_USERINFO2", SAMR_SET_USERINFO2, api_samr_set_userinfo2}, + + {"SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info}, + {"SAMR_QUERY_USERGROUPS", SAMR_QUERY_USERGROUPS, api_samr_query_usergroups}, + {"SAMR_QUERY_DISPINFO", SAMR_QUERY_DISPINFO, api_samr_query_dispinfo}, + {"SAMR_QUERY_DISPINFO3", SAMR_QUERY_DISPINFO3, api_samr_query_dispinfo}, + {"SAMR_QUERY_DISPINFO4", SAMR_QUERY_DISPINFO4, api_samr_query_dispinfo}, + + {"SAMR_QUERY_ALIASINFO", SAMR_QUERY_ALIASINFO, api_samr_query_aliasinfo}, + {"SAMR_QUERY_GROUPINFO", SAMR_QUERY_GROUPINFO, api_samr_query_groupinfo}, + {"SAMR_SET_GROUPINFO", SAMR_SET_GROUPINFO, api_samr_set_groupinfo}, + {"SAMR_CREATE_USER", SAMR_CREATE_USER, api_samr_create_user}, + {"SAMR_LOOKUP_RIDS", SAMR_LOOKUP_RIDS, api_samr_lookup_rids}, + {"SAMR_GET_DOM_PWINFO", SAMR_GET_DOM_PWINFO, api_samr_get_dom_pwinfo}, + {"SAMR_CHGPASSWD_USER", SAMR_CHGPASSWD_USER, api_samr_chgpasswd_user}, + {"SAMR_OPEN_ALIAS", SAMR_OPEN_ALIAS, api_samr_open_alias}, + {"SAMR_OPEN_GROUP", SAMR_OPEN_GROUP, api_samr_open_group}, + {"SAMR_OPEN_DOMAIN", SAMR_OPEN_DOMAIN, api_samr_open_domain}, + {"SAMR_UNKNOWN_2D", SAMR_UNKNOWN_2D, api_samr_unknown_2d}, + {"SAMR_LOOKUP_DOMAIN", SAMR_LOOKUP_DOMAIN, api_samr_lookup_domain}, + + {"SAMR_QUERY_SEC_OBJECT", SAMR_QUERY_SEC_OBJECT, api_samr_query_sec_obj}, + {"SAMR_GET_USRDOM_PWINFO", SAMR_GET_USRDOM_PWINFO, 
api_samr_get_usrdom_pwinfo}, + {NULL, 0, NULL} + +#if 0 + { "SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd }, { "SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect }, { "SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon }, @@ -2587,13 +1269,14 @@ static struct api_struct api_samr_cmds [] = { "SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user }, { "SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, { "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, - { "SAMR_UNKNOWN_3" , SAMR_UNKNOWN_3 , api_samr_unknown_3 }, - { "SAMR_UNKNOWN_2C" , SAMR_UNKNOWN_2C , api_samr_unknown_2c }, + { "SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj }, + { "SAMR_GET_USRDOM_PWINFO", SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo}, { "SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain }, { "SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains }, { "SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo }, { "SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 }, { NULL , 0 , NULL } +#endif }; /******************************************************************* @@ -2603,4 +1286,3 @@ BOOL api_samr_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds); } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index bd04b40c4d..ff484a8ff1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
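Review bot: The previous command table is kept under `#if 0` directly after the new entries of api_samr_cmds, so the file now carries two lists of SAMR opnums of which only one is compiled. A reader auditing which calls are reachable on the pipe can easily pick up the disabled copy, and the two lists will drift as handlers are added. Suggest deleting the `#if 0` block (its `#endif` is added in the following hunk) and leaving the old list to version control. If it has to stay while the merge is in progress, a comment above it such as `/* Old table, kept only while the merge is in progress. */` would say so.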
@@ -39,6 +39,23 @@ extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; extern rid_name builtin_alias_rids[]; +struct samr_info { + /* for use by the \PIPE\samr policy */ + DOM_SID sid; + uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */ +}; + +/******************************************************************* + Function to free the per handle data. + ********************************************************************/ + +static void free_samr_info(void *ptr) +{ + struct samr_info *samr = (struct samr_info *)ptr; + + safe_free(samr); +} + /******************************************************************* This next function should be replaced with something that dynamically returns the correct user info..... JRA. @@ -48,8 +65,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, int *total_entries, int *num_entries, int max_num_entries, uint16 acb_mask) { - void *vp = NULL; - struct sam_passwd *pwd = NULL; + SAM_ACCOUNT *pwd = NULL; (*num_entries) = 0; (*total_entries) = 0; @@ -57,13 +73,12 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, if (pw_buf == NULL) return False; - vp = startsmbpwent(False); - if (!vp) { - DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n")); + if (!pdb_setsampwent(False)) { + DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); return False; } - while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) { + while (((pwd = pdb_getsampwent()) != NULL) && (*num_entries) < max_num_entries) { int user_name_len; if (start_idx > 0) { 
@@ -74,21 +89,20 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, continue; } - user_name_len = strlen(pwd->smb_name)+1; - init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pwd->smb_name, user_name_len); + user_name_len = strlen(pdb_get_username(pwd))+1; + init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pdb_get_username(pwd), user_name_len); init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len); pw_buf[(*num_entries)].user_rid = pwd->user_rid; memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); /* Now check if the NT compatible password is available. */ - if (pwd->smb_nt_passwd != NULL) { - memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); - } + if (pdb_get_nt_passwd(pwd)) + memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); - pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; + pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pwd->smb_name, pwd->user_rid, pwd->acct_ctrl)); + (*num_entries), pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) )); if (acb_mask == 0 || (pwd->acct_ctrl & acb_mask)) { DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); @@ -100,17 +114,16 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, (*total_entries)++; } - endsmbpwent(vp); + pdb_endsampwent(); return (*num_entries) > 0; } static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, - int *total_entries, int *num_entries, + int *total_entries, uint32 *num_entries, int max_num_entries, uint16 acb_mask) { - void *vp = NULL; - struct sam_passwd *pwd = NULL; + SAM_ACCOUNT *pwd = NULL; *num_entries = 0; *total_entries = 0; 
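Review bot: get_sampwd_entries still reads `pwd->user_rid` and `pwd->acct_ctrl` directly on unchanged lines of this hunk, although `pwd` is now a SAM_ACCOUNT and the added DEBUG line already goes through `pdb_get_user_rid(pwd)` and `pdb_get_acct_ctrl(pwd)`. Mixing the two means the value that is logged and the value that is stored or tested against acb_mask can diverge if the accessors ever do more than return the field. Suggest `pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd);` and `if (acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask)) {`, as jf_get_sampwd_entries does after this commit. The function body starts and ends outside the hunk.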
@@ -118,17 +131,16 @@ static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, if (pw_buf == NULL) return False; - vp = startsmbpwent(False); - if (!vp) { - DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n")); - return False; - } + if (!pdb_setsampwent(False)) { + DEBUG(0, ("jf_get_sampwd_entries: Unable to open passdb.\n")); + return False; + } - while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) { + while (((pwd = pdb_getsampwent()) != NULL) && (*num_entries) < max_num_entries) { int user_name_len; int full_name_len; - if (acb_mask != 0 && !(pwd->acct_ctrl & acb_mask)) + if (acb_mask != 0 && !(pdb_get_acct_ctrl(pwd) & acb_mask)) continue; if (start_idx > 0) { 
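Review bot: The loop condition `(*num_entries) < max_num_entries` in jf_get_sampwd_entries now compares a uint32 with an int, because the previous hunk changed `num_entries` to `uint32 *` and left `max_num_entries` as `int`. A negative max_num_entries would be converted to a large unsigned value, so the loop would be bounded only by the number of passdb entries while each iteration fills another pw_buf element; whether any caller can pass such a value is not visible here. Suggest making the bound explicit with `if (pw_buf == NULL || max_num_entries < 0) return False;`, or changing the parameter to uint32 together with its callers. The function body continues outside the hunk.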
@@ -141,29 +153,29 @@ static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, ZERO_STRUCTP(&pw_buf[(*num_entries)]); - user_name_len = strlen(pwd->smb_name); - init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pwd->smb_name, user_name_len); + user_name_len = strlen(pdb_get_username(pwd)); + init_unistr2(&pw_buf[(*num_entries)].uni_user_name, pdb_get_username(pwd), user_name_len); init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len); - full_name_len = strlen(pwd->full_name); - init_unistr2(&pw_buf[(*num_entries)].uni_full_name, pwd->full_name, full_name_len); + full_name_len = strlen(pdb_get_fullname(pwd)); + init_unistr2(&pw_buf[(*num_entries)].uni_full_name, pdb_get_fullname(pwd), full_name_len); init_uni_hdr(&pw_buf[(*num_entries)].hdr_full_name, full_name_len); - pw_buf[(*num_entries)].user_rid = pwd->user_rid; + pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); /* Now check if the NT compatible password is available. */ - if (pwd->smb_nt_passwd != NULL) { - memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16); - } + if (pdb_get_nt_passwd(pwd)) + memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); - pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl; + pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); - DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x\n", (*num_entries), pwd->smb_name, pwd->user_rid, pwd->acct_ctrl)); + DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x\n", (*num_entries), + pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) )); (*num_entries)++; } - endsmbpwent(vp); + pdb_endsampwent(); *total_entries = *num_entries; return True; 
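Review bot: `strlen(pdb_get_username(pwd))` and `strlen(pdb_get_fullname(pwd))` use the accessor result unchecked, while the same hunk tests `pdb_get_nt_passwd(pwd)` for NULL before copying from it. If the string accessors can also return NULL (their definitions are not part of this diff section), a passdb entry without a full name would crash the server during user enumeration. Suggest taking each result into a local and substituting an empty string, e.g. `char *full = pdb_get_fullname(pwd); if (!full) full = "";`, which also avoids calling each accessor twice. get_sampwd_entries in the earlier hunk has the same pattern for the user name.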
@@ -425,7 +437,7 @@ uint32 _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND r_u->status = NT_STATUS_NOPROBLEMO; /* close the policy handle */ - if (!close_lsa_policy_hnd(&q_u->pol)) + if (!close_policy_hnd(p, &q_u->pol)) return NT_STATUS_OBJECT_NAME_INVALID; DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__)); 
@@ -439,42 +451,57 @@ uint32 _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND uint32 _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u) { + struct samr_info *info; + r_u->status = NT_STATUS_NOPROBLEMO; /* find the connection policy handle. */ - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) return NT_STATUS_INVALID_HANDLE; - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(&r_u->domain_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - /* associate the domain SID with the (unique) handle. */ - if (!set_lsa_policy_samr_sid(&r_u->domain_pol, &q_u->dom_sid.sid)) { - close_lsa_policy_hnd(&r_u->domain_pol); + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->sid = q_u->dom_sid.sid; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } DEBUG(5,("samr_open_domain: %d\n", __LINE__)); return r_u->status; } +static uint32 get_lsa_policy_samr_rid(struct samr_info *info) +{ + if (!info) { + DEBUG(3,("Error getting policy\n")); + return 0xffffffff; + } + + return info->sid.sub_auths[info->sid.num_auths-1]; +} + /******************************************************************* _samr_get_usrdom_pwinfo ********************************************************************/ uint32 _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, SAMR_R_GET_USRDOM_PWINFO *r_u) { + struct samr_info *info = NULL; + r_u->status = NT_STATUS_NOPROBLEMO; /* find the policy handle. open a policy on it. 
*/ - if (find_lsa_policy_by_hnd(&q_u->user_pol) == -1) { + if (!find_policy_by_hnd(p, &q_u->user_pol, (void **)&info)) { return NT_STATUS_INVALID_HANDLE; } /* find the user's rid */ - if (get_lsa_policy_samr_rid(&q_u->user_pol) == 0xffffffff) { + if (get_lsa_policy_samr_rid(info) == 0xffffffff) { return NT_STATUS_OBJECT_TYPE_MISMATCH; } @@ -531,6 +558,21 @@ static uint32 samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID return NT_STATUS_NOPROBLEMO; } +static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *sid) +{ + struct samr_info *info = NULL; + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, pol, (void **)&info)) + return False; + + if (!info) + return False; + + *sid = info->sid; + return True; +} + /******************************************************************* _samr_query_sec_obj ********************************************************************/ @@ -541,13 +583,10 @@ uint32 _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QU r_u->status = NT_STATUS_NOPROBLEMO; - /* find the policy handle. open a policy on it. */ - if ((find_lsa_policy_by_hnd(&q_u->user_pol)) == -1) - return NT_STATUS_INVALID_HANDLE; - /* Get the SID. */ - if (!get_lsa_policy_samr_sid(&q_u->user_pol, &pol_sid)) - return NT_STATUS_OBJECT_TYPE_MISMATCH; + + if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid)) + return NT_STATUS_INVALID_HANDLE; r_u->status = samr_make_usr_obj_sd(p->mem_ctx, &r_u->buf, &pol_sid); @@ -608,7 +647,7 @@ uint32 _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_ r_u->status = NT_STATUS_NOPROBLEMO; /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) return NT_STATUS_INVALID_HANDLE; DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); 
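Review bot: get_lsa_policy_samr_rid indexes `info->sid.sub_auths[info->sid.num_auths-1]` without checking that num_auths is non-zero, and _samr_open_domain in the same hunk stores `q_u->dom_sid.sid` from the request into the handle as is. With num_auths == 0 the index falls before the start of sub_auths, and whatever is read there is then treated as a RID. Suggest `if (!info || info->sid.num_auths == 0) {` as the guard so the helper returns 0xffffffff in that case; an upper bound against the size of sub_auths would be worth adding too, but that size is not visible here. Separately, `info` is not freed when create_policy_hnd fails unless that function takes ownership on failure, which this diff does not show.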
@@ -808,12 +847,12 @@ static BOOL get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 sta uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u) { DOMAIN_GRP grp[2]; - int num_entries; + uint32 num_entries; DOM_SID sid; r_u->status = NT_STATUS_NOPROBLEMO; - if (!get_lsa_policy_samr_sid(&q_u->pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid)) return NT_STATUS_INVALID_HANDLE; DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); @@ -837,14 +876,13 @@ uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_ uint32 _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u) { DOMAIN_GRP grp[MAX_SAM_ENTRIES]; - int num_entries = 0; + uint32 num_entries = 0; fstring sid_str; DOM_SID sid; r_u->status = NT_STATUS_NOPROBLEMO; - /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(&q_u->pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid)) return NT_STATUS_INVALID_HANDLE; sid_to_string(sid_str, &sid); @@ -871,7 +909,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; DOMAIN_GRP grps[MAX_SAM_ENTRIES]; uint16 acb_mask = ACB_NORMAL; - int num_entries = 0; + uint32 num_entries = 0; int orig_num_entries = 0; int total_entries = 0; uint32 data_size = 0; @@ -883,7 +921,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_ r_u->status = NT_STATUS_NOPROBLEMO; - if (!get_lsa_policy_samr_sid(&q_u->domain_pol, &sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid)) return NT_STATUS_INVALID_HANDLE; /* decide how many entries to get depending on the max_entries 
@@ -994,21 +1032,22 @@ uint32 _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_ fstring alias=""; enum SID_NAME_USE type; uint32 alias_rid; + struct samr_info *info = NULL; r_u->status = NT_STATUS_NOPROBLEMO; DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - alias_rid = get_lsa_policy_samr_rid(&q_u->pol); + alias_rid = get_lsa_policy_samr_rid(info); if(alias_rid == 0xffffffff) return NT_STATUS_NO_SUCH_ALIAS; if(!local_lookup_rid(alias_rid, alias, &type)) - return NT_STATUS_NO_SUCH_ALIAS; + return NT_STATUS_NO_SUCH_ALIAS; switch (q_u->switch_level) { case 3: @@ -1104,7 +1143,7 @@ uint32 _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOK ZERO_ARRAY(rid); ZERO_ARRAY(type); - if (!get_lsa_policy_samr_sid(&q_u->pol, &pol_sid)) { + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid)) { init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH); return r_u->status; } @@ -1135,7 +1174,7 @@ uint32 _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOK } } - init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, type, r_u->status); + init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, (uint32 *)type, r_u->status); DEBUG(5,("_samr_lookup_names: %d\n", __LINE__)); @@ -1227,7 +1266,7 @@ uint32 _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(&q_u->pol, &pol_sid)) + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid)) return NT_STATUS_INVALID_HANDLE; if (num_rids > MAX_SAM_ENTRIES) { 
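Review bot: The `(uint32 *)type` cast added to the `init_samr_r_lookup_names` call in `_samr_lookup_names` hides a type mismatch instead of removing it. The declaration of `type` is outside this hunk; if it is an array of `enum SID_NAME_USE`, as the scalar in `_samr_query_aliasinfo` suggests, the cast is only correct on platforms where that enum has the size and representation of `uint32`. Declaring the array with element type `uint32` and assigning the enum values into it would make the call correct without a cast.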
@@ -1274,50 +1313,45 @@ uint32 _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP uint32 _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sampass; DOM_SID sid; POLICY_HND domain_pol = q_u->domain_pol; uint32 user_rid = q_u->user_rid; POLICY_HND *user_pol = &r_u->user_pol; + struct samr_info *info = NULL; r_u->status = NT_STATUS_NO_PROBLEMO; /* find the domain policy handle. */ - if (find_lsa_policy_by_hnd(&domain_pol) == -1) + if (!find_policy_by_hnd(p, &domain_pol, NULL)) return NT_STATUS_INVALID_HANDLE; - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(user_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - become_root(); - sam_pass = getsam21pwrid(user_rid); + sampass = pdb_getsampwrid(user_rid); unbecome_root(); /* check that the RID exists in our domain. */ - if (sam_pass == NULL) { - close_lsa_policy_hnd(user_pol); + if (sampass == NULL) return NT_STATUS_NO_SUCH_USER; - } /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&domain_pol, &sid)) { - close_lsa_policy_hnd(user_pol); + if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) return NT_STATUS_INVALID_HANDLE; - } /* append the user's RID to it */ - if(!sid_append_rid(&sid, user_rid)) { - close_lsa_policy_hnd(user_pol); + if(!sid_append_rid(&sid, user_rid)) return NT_STATUS_NO_SUCH_USER; - } - /* associate the user's SID with the handle. */ - if (!set_lsa_policy_samr_sid(user_pol, &sid)) { - /* oh, whoops. don't know what error message to return, here */ - close_lsa_policy_hnd(user_pol); + /* associate the user's SID with the new handle. */ + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->sid = sid; + + /* get a (unique) handle. open a policy on it. 
*/ + if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } return r_u->status; } @@ -1328,7 +1362,7 @@ uint32 _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_U static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *smbpass; if (!pdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); @@ -1336,18 +1370,17 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) } become_root(); - smb_pass = getsmbpwrid(user_rid); + smbpass = pdb_getsampwrid(user_rid); unbecome_root(); - if (smb_pass == NULL) - { + if (smbpass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", smb_pass->smb_name)); + DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); - init_sam_user_info10(id10, smb_pass->acct_ctrl); + init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) ); return True; } @@ -1358,23 +1391,23 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) static BOOL get_user_info_12(SAM_USER_INFO_12 * id12, uint32 user_rid) { - struct smb_passwd *smb_pass; + SAM_ACCOUNT *smbpass; become_root(); - smb_pass = getsmbpwrid(user_rid); + smbpass = pdb_getsampwrid(user_rid); unbecome_root(); - if (smb_pass == NULL) { + if (smbpass == NULL) { DEBUG(4, ("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s] 0x%x\n", smb_pass->smb_name, smb_pass->acct_ctrl)); + DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) )); - if (smb_pass->acct_ctrl & ACB_DISABLED) + if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) return False; - init_sam_user_info12(id12, smb_pass->smb_passwd, smb_pass->smb_nt_passwd); + init_sam_user_info12(id12, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass)); return True; } 
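Review bot: When `create_policy_hnd` fails at the end of `_api_samr_open_user`, the function returns without freeing the `info` it has just allocated with `malloc`. Unless `create_policy_hnd` runs the `free_samr_info` callback on its own failure path (not visible in this diff), every failed open leaks one `struct samr_info`, and the same pattern is repeated in `_samr_open_domain`, `_api_samr_create_user`, `_samr_connect_anon`, `_samr_connect` and `_api_samr_open_alias`. I would write the failure branch as `{ free_samr_info(info); return NT_STATUS_OBJECT_NAME_NOT_FOUND; }` in each of them.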
@@ -1385,10 +1418,7 @@ static BOOL get_user_info_12(SAM_USER_INFO_12 * id12, uint32 user_rid) static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) { - NTTIME dummy_time; - struct sam_passwd *sam_pass; - LOGON_HRS hrs; - int i; + SAM_ACCOUNT *sampass; if (!pdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); 
@@ -1396,56 +1426,17 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) } become_root(); - sam_pass = getsam21pwrid(user_rid); + sampass = pdb_getsampwrid(user_rid); unbecome_root(); - if (sam_pass == NULL) { + if (sampass == NULL) { DEBUG(4,("User 0x%x not found\n", user_rid)); return False; } - DEBUG(3,("User:[%s]\n", sam_pass->smb_name)); - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n")); - - /* create a LOGON_HRS structure */ - hrs.len = sam_pass->hours_len; - SMB_ASSERT_ARRAY(hrs.hours, hrs.len); - for (i = 0; i < hrs.len; i++) - hrs.hours[i] = sam_pass->hours[i]; - - init_sam_user_info21A(id21, - - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - sam_pass->smb_name, /* user_name */ - sam_pass->full_name, /* full_name */ - sam_pass->home_dir, /* home_dir */ - sam_pass->dir_drive, /* dir_drive */ - sam_pass->logon_script, /* logon_script */ - sam_pass->profile_path, /* profile_path */ - sam_pass->acct_desc, /* description */ - sam_pass->workstations, /* workstations user can log in from */ - sam_pass->unknown_str, /* don't know, yet */ - sam_pass->munged_dial, /* dialin info. contains dialin path and tel no */ - - sam_pass->user_rid, /* RID user_id */ - sam_pass->group_rid, /* RID group_id */ - sam_pass->acct_ctrl, - - sam_pass->unknown_3, /* unknown_3 */ - sam_pass->logon_divs, /* divisions per week */ - &hrs, /* logon hours */ - sam_pass->unknown_5, - sam_pass->unknown_6); + DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); + + init_sam_user_info21A(id21, sampass); return True; } 
@@ -1458,15 +1449,16 @@ uint32 _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_ { SAM_USERINFO_CTR *ctr; uint32 rid = 0; + struct samr_info *info = NULL; r_u->status=NT_STATUS_NO_PROBLEMO; /* search for the handle */ - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; /* find the user's rid */ - if ((rid = get_lsa_policy_samr_rid(&q_u->pol)) == 0xffffffff) + if ((rid = get_lsa_policy_samr_rid(info)) == 0xffffffff) return NT_STATUS_OBJECT_TYPE_MISMATCH; DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid)); @@ -1554,27 +1546,28 @@ uint32 _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAM int num_groups = 0; pstring groups; uint32 rid; + struct samr_info *info = NULL; r_u->status = NT_STATUS_NO_PROBLEMO; DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&q_u->pol) == -1) + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; /* find the user's rid */ - if ((rid = get_lsa_policy_samr_rid(&q_u->pol)) == 0xffffffff) + if ((rid = get_lsa_policy_samr_rid(info)) == 0xffffffff) return NT_STATUS_OBJECT_TYPE_MISMATCH; become_root(); - sam_pass = getsam21pwrid(rid); + sam_pass = pdb_getsampwrid(rid); unbecome_root(); if (sam_pass == NULL) return NT_STATUS_NO_SUCH_USER; - get_domain_user_groups(groups, sam_pass->smb_name); + get_domain_user_groups(groups, pdb_get_username(sam_pass)); gids = NULL; num_groups = make_dom_gids(p->mem_ctx, groups, &gids); @@ -1593,7 +1586,6 @@ uint32 _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAM uint32 _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u) { SAM_UNK_CTR *ctr; - uint16 switch_value = 0; if ((ctr = (SAM_UNK_CTR *)talloc(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL) return NT_STATUS_NO_MEMORY; 
@@ -1605,38 +1597,31 @@ uint32 _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&q_u->domain_pol) == -1) + if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL)) return NT_STATUS_INVALID_HANDLE; switch (q_u->switch_value) { case 0x01: - switch_value = 0x1; init_unk_info1(&ctr->info.inf1); break; case 0x02: - switch_value = 0x2; /* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */ init_unk_info2(&ctr->info.inf2, global_myworkgroup, global_myname, (uint32) time(NULL)); break; case 0x03: - switch_value = 0x3; init_unk_info3(&ctr->info.inf3); break; case 0x06: - switch_value = 0x6; init_unk_info6(&ctr->info.inf6); break; case 0x07: - switch_value = 0x7; init_unk_info7(&ctr->info.inf7); break; case 0x0c: - switch_value = 0xc; init_unk_info12(&ctr->info.inf12); break; default: return NT_STATUS_INVALID_INFO_CLASS; - break; } init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_NOPROBLEMO); @@ -1652,7 +1637,7 @@ uint32 _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u) { - struct sam_passwd *sam_pass; + SAM_ACCOUNT *sam_pass; fstring mach_acct; pstring err_str; pstring msg_str; @@ -1663,9 +1648,10 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR UNISTR2 user_account = q_u->uni_name; uint16 acb_info = q_u->acb_info; POLICY_HND *user_pol = &r_u->user_pol; + struct samr_info *info = NULL; /* find the policy handle. open a policy on it. */ - if (find_lsa_policy_by_hnd(&dom_pol) == -1) + if (!find_policy_by_hnd(p, &dom_pol, NULL)) return NT_STATUS_INVALID_HANDLE; /* find the machine account: tell the caller if it exists. 
@@ -1678,17 +1664,13 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR strlower(mach_acct); become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); if (sam_pass != NULL) { /* machine account exists: say so */ return NT_STATUS_USER_EXISTS; } - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(user_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - local_flags=LOCAL_ADD_USER|LOCAL_DISABLE_USER|LOCAL_SET_NO_PASSWORD; local_flags|= (acb_info & ACB_WSTRUST) ? LOCAL_TRUST_ACCOUNT:0; 
@@ -1720,37 +1702,41 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR sizeof(err_str), msg_str, sizeof(msg_str))) { DEBUG(0, ("%s\n", err_str)); - close_lsa_policy_hnd(user_pol); + close_policy_hnd(p, user_pol); return NT_STATUS_ACCESS_DENIED; } become_root(); - sam_pass = getsam21pwnam(mach_acct); + sam_pass = pdb_getsampwnam(mach_acct); unbecome_root(); if (sam_pass == NULL) { /* account doesn't exist: say so */ - close_lsa_policy_hnd(user_pol); + close_policy_hnd(p, user_pol); return NT_STATUS_ACCESS_DENIED; } /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&dom_pol, &sid)) { - close_lsa_policy_hnd(user_pol); + if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) { + close_policy_hnd(p, user_pol); return NT_STATUS_INVALID_HANDLE; } /* append the user's RID to it */ - if(!sid_append_rid(&sid, sam_pass->user_rid)) { - close_lsa_policy_hnd(user_pol); + if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) { + close_policy_hnd(p, user_pol); return NT_STATUS_NO_SUCH_USER; } - /* associate the SID with the (unique) handle. */ - if (!set_lsa_policy_samr_sid(user_pol, &sid)) { - /* oh, whoops. don't know what error message to return, here */ - close_lsa_policy_hnd(user_pol); + /* associate the user's SID with the new handle. */ + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->sid = sid; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } r_u->user_rid=sam_pass->user_rid; r_u->unknown_0 = 0x000703ff; 
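Review bot: The error paths in this part of `_api_samr_create_user` still call `close_policy_hnd(p, user_pol)`, but the previous hunk removed the `open_lsa_policy_hnd(user_pol)` call, so no handle exists for `user_pol` until `create_policy_hnd` runs at the very end. `user_pol` points into `r_u`, whose contents at that point are not shown; closing whatever handle bytes are there is at best a no-op and could close an unrelated handle on this pipe. These branches should just return their status, as the rewritten `_api_samr_open_user` does. Separately, the context line `r_u->user_rid=sam_pass->user_rid;` still reads the struct field directly while the rest of the hunk uses `pdb_get_user_rid(sam_pass)`. The function begins outside this hunk.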
@@ -1764,19 +1750,22 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR uint32 _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONNECT_ANON *r_u) { + struct samr_info *info = NULL; + /* set up the SAMR connect_anon response */ r_u->status = NT_STATUS_NO_PROBLEMO; - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(&r_u->connect_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + /* associate the user's SID with the new handle. */ + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->status = q_u->unknown_0; - /* associate the domain SID with the (unique) handle. */ - if (!set_lsa_policy_samr_pol_status(&r_u->connect_pol, q_u->unknown_0)) { - close_lsa_policy_hnd(&r_u->connect_pol); + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } return r_u->status; } 
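Review bot: The comment `/* associate the user's SID with the new handle. */` added to `_samr_connect_anon` (and again to `_samr_connect` in the next hunk) does not describe the code under it, which stores `q_u->unknown_0` or `q_u->access_mask` in `info->status` and leaves `info->sid` zeroed. A comment such as `/* remember the requested access mask; no SID is associated with a connect handle */` would tell the next reader that handles from these two calls carry an empty SID. Nothing in the visible code checks the stored value afterwards, which is worth stating in the comment as well.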
@@ -1787,19 +1776,22 @@ uint32 _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONN uint32 _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u) { + struct samr_info *info = NULL; + DEBUG(5,("_samr_connect: %d\n", __LINE__)); r_u->status = NT_STATUS_NO_PROBLEMO; - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(&r_u->connect_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + /* associate the user's SID with the new handle. */ + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->status = q_u->access_mask; - /* associate the domain SID with the (unique) handle. */ - if (!set_lsa_policy_samr_pol_status(&r_u->connect_pol, q_u->access_mask)) { - close_lsa_policy_hnd(&r_u->connect_pol); + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } DEBUG(5,("_samr_connect: %d\n", __LINE__)); @@ -1814,7 +1806,7 @@ uint32 _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LO { r_u->status = NT_STATUS_NO_PROBLEMO; - if (find_lsa_policy_by_hnd(&q_u->connect_pol) == -1) + if (!find_policy_by_hnd(p, &q_u->connect_pol, NULL)) return NT_STATUS_INVALID_HANDLE; /* assume the domain name sent is our global_myname and 
@@ -1894,41 +1886,37 @@ uint32 _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN POLICY_HND domain_pol = q_u->dom_pol; uint32 alias_rid = q_u->rid_alias; POLICY_HND *alias_pol = &r_u->pol; + struct samr_info *info = NULL; r_u->status = NT_STATUS_NO_PROBLEMO; /* get the domain policy. */ - if (find_lsa_policy_by_hnd(&domain_pol) == -1) + if (!find_policy_by_hnd(p, &domain_pol, NULL)) return NT_STATUS_INVALID_HANDLE; - /* get a (unique) handle. open a policy on it. */ - if (!open_lsa_policy_hnd(alias_pol)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - /* Get the domain SID stored in the domain policy */ - if(!get_lsa_policy_samr_sid(&domain_pol, &sid)) { - close_lsa_policy_hnd(alias_pol); + if(!get_lsa_policy_samr_sid(p, &domain_pol, &sid)) return NT_STATUS_INVALID_HANDLE; - } + + /* append the alias' RID to it */ + if(!sid_append_rid(&sid, alias_rid)) + return NT_STATUS_NO_SUCH_USER; /* * we should check if the rid really exist !!! * JFM. */ + /* associate the user's SID with the new handle. */ + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; - /* append the alias' RID to it */ - if(!sid_append_rid(&sid, alias_rid)) { - close_lsa_policy_hnd(alias_pol); - return NT_STATUS_NO_SUCH_USER; - } + ZERO_STRUCTP(info); + info->sid = sid; - /* associate a SID with the (unique) handle. */ - if (!set_lsa_policy_samr_sid(alias_pol, &sid)) { - /* oh, whoops. don't know what error message to return, here */ - close_lsa_policy_hnd(alias_pol); + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - } return r_u->status; } 
@@ -1939,22 +1927,20 @@ uint32 _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); if (id10 == NULL) { DEBUG(5, ("set_user_info_10: NULL id10\n")); return False; } - if (pwd == NULL) + pwd = pdb_getsampwrid(rid); + if (!pwd) return False; - copy_sam_passwd(&new_pwd, pwd); - - new_pwd.acct_ctrl = id10->acb_info; + pdb_set_acct_ctrl(pwd, id10->acb_info); - if(!mod_sam21pwd_entry(&new_pwd, True)) + if(!pdb_update_sam_account(pwd, True)) return False; return True; @@ -1966,31 +1952,22 @@ static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, uint32 rid) static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; - + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + if (pwd == NULL) return False; - + if (id12 == NULL) { DEBUG(2, ("set_user_info_12: id12 is NULL\n")); return False; } - - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - - memcpy(nt_hash, id12->nt_pwd, sizeof(nt_hash)); - memcpy(lm_hash, id12->lm_pwd, sizeof(lm_hash)); - - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + + pdb_set_lanman_passwd (pwd, id12->lm_pwd); + pdb_set_nt_passwd (pwd, id12->nt_pwd); + + if(!pdb_update_sam_account(pwd, True)) return False; - + return True; } 
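Review bot: `set_user_info_10` now calls `pdb_getsampwrid(rid)` twice, once in the initialiser of `pwd` and again in the added `pwd = pdb_getsampwrid(rid);`, and the first result is discarded. Whether the returned `SAM_ACCOUNT` is static storage or owned by the caller is not visible here, so the extra call is either a wasted lookup or a leak. Declaring `SAM_ACCOUNT *pwd;` without the initialiser and keeping only the lookup after the `id10` check fixes both.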
@@ -1998,41 +1975,34 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, uint32 rid) set_user_info_21 ********************************************************************/ -static BOOL set_user_info_21 (SAM_USER_INFO_21 *id21, uint32 rid) +static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; - + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; + if (id21 == NULL) { DEBUG(5, ("set_user_info_21: NULL id21\n")); return False; } - + if (pwd == NULL) return False; - - pdb_init_sam(&new_pwd); - /* we make a copy so that we can modify stuff */ + + /* we make a copy so that we can modify stuff */ copy_sam_passwd(&new_pwd, pwd); copy_id21_to_sam_passwd(&new_pwd, id21); - - if (pwd->smb_nt_passwd != NULL) { - memcpy(nt_hash, pwd->smb_nt_passwd, 16); - new_pwd.smb_nt_passwd = nt_hash; - } else - new_pwd.smb_nt_passwd = NULL; - - if (pwd->smb_nt_passwd != NULL) { - memcpy(lm_hash, pwd->smb_passwd, 16); - new_pwd.smb_passwd = lm_hash; - } else - new_pwd.smb_passwd = NULL; - - if(!mod_sam21pwd_entry(&new_pwd, True)) + + /* + * The funny part about the previous two calls is + * that pwd still has the password hashes from the + * passdb entry. These have not been updated from + * id21. I don't know if they need to be set. --jerry + */ + + /* write the change out */ + if(!pdb_update_sam_account(&new_pwd, True)) return False; - + return True; } 
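Review bot: `set_user_info_21` no longer calls `pdb_init_sam(&new_pwd)`, so `new_pwd` is an uninitialised stack struct until `copy_sam_passwd` runs. If that helper copies field by field rather than the whole struct (its body is not part of this diff), any member it skips reaches `pdb_update_sam_account` as stack garbage; `set_user_info_23` has the same declaration. Either keep the init call or zero the struct first with `ZERO_STRUCT(new_pwd);`, assuming that macro is available alongside the `ZERO_STRUCTP` used elsewhere in this file. The added comment about the hashes should also say what the caller must do about them rather than leave it open.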
@@ -2042,52 +2012,54 @@ static BOOL set_user_info_21 (SAM_USER_INFO_21 *id21, uint32 rid) static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; - pstring buf; - uint32 len; - - if (id23 == NULL) { - DEBUG(5, ("set_user_info_23: NULL id23\n")); - return False; - } - - if (pwd == NULL) - return False; - - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - copy_id23_to_sam_passwd(&new_pwd, id23); - - memset(buf, 0, sizeof(pstring)); - - if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len, nt_hash, lm_hash)) - return False; - - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + SAM_ACCOUNT new_pwd; + BYTE nt_hash[16]; + BYTE lm_hash[16]; + pstring buf; + uint32 len; + uint16 acct_ctrl; + + if (id23 == NULL) { + DEBUG(5, ("set_user_info_23: NULL id23\n")); + return False; + } + + if (pwd == NULL) + return False; + + acct_ctrl = pdb_get_acct_ctrl(pwd); + copy_sam_passwd(&new_pwd, pwd); + copy_id23_to_sam_passwd(&new_pwd, id23); + + if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len)) + return False; + + nt_lm_owf_gen(buf, nt_hash, lm_hash); + + pdb_set_lanman_passwd (&new_pwd, lm_hash); + pdb_set_nt_passwd (&new_pwd, nt_hash); + /* if it's a trust account, don't update /etc/passwd */ - if ( ( (new_pwd.acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || - ( (new_pwd.acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || - ( (new_pwd.acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || + ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account password, not updating /etc/passwd\n")); - } else { - + } else { + /* update the UNIX password */ /* update the UNIX password */ if (lp_unix_password_sync() ) - if(!chgpasswd(new_pwd.smb_name, "", buf, 
True)) + if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True)) return False; } - - memset(buf, 0, sizeof(buf)); - - if(!mod_sam21pwd_entry(&new_pwd, True)) - return False; - - return True; + + memset(buf, 0, sizeof(buf)); + + if(!pdb_update_sam_account(&new_pwd, True)) + return False; + + return True; } /******************************************************************* 
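Review bot: The cleartext password decoded into `buf` in `set_user_info_23` is wiped only on the success path; the `return False` after a failed `chgpasswd` leaves it on the stack, and `nt_hash` and `lm_hash` are never cleared on any path. The hunk also drops the `memset` that zeroed `buf` before `decode_pw_buffer`, and the remaining `memset(buf, 0, sizeof(buf))` is a store to a buffer that is not read again, which an optimising compiler is allowed to remove. I would send every exit after the decode through a single cleanup label that clears all three buffers; `set_user_info_24` in the next hunk needs the same change.

```c
	BOOL ret = False;

	/* … unchanged: NULL checks, acct_ctrl, copy_sam_passwd, copy_id23_to_sam_passwd … */

	if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len))
		goto done;

	/* … unchanged: nt_lm_owf_gen, pdb_set_lanman_passwd, pdb_set_nt_passwd, trust-account test … */
		if (lp_unix_password_sync() )
			if(!chgpasswd(pdb_get_username(&new_pwd), "", buf, True))
				goto done;

	ret = pdb_update_sam_account(&new_pwd, True);

done:
	/* wipe the cleartext password and both hashes on every exit path */
	memset(buf, 0, sizeof(buf));
	memset(nt_hash, 0, sizeof(nt_hash));
	memset(lm_hash, 0, sizeof(lm_hash));
	return ret;
```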
@@ -2096,49 +2068,51 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid) { - struct sam_passwd *pwd = getsam21pwrid(rid); - struct sam_passwd new_pwd; - static uchar nt_hash[16]; - static uchar lm_hash[16]; + SAM_ACCOUNT *pwd = pdb_getsampwrid(rid); + uchar nt_hash[16]; + uchar lm_hash[16]; uint32 len; pstring buf; - + uint16 acct_ctrl; + if (pwd == NULL) return False; + + acct_ctrl = pdb_get_acct_ctrl(pwd); - pdb_init_sam(&new_pwd); - copy_sam_passwd(&new_pwd, pwd); - - memset(buf, 0, sizeof(pstring)); - - if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len, nt_hash, lm_hash)) + memset(buf, 0, sizeof(buf)); + + if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len)) return False; - - new_pwd.smb_passwd = lm_hash; - new_pwd.smb_nt_passwd = nt_hash; - + + DEBUG(5,("set_user_info_24:nt_lm_owf_gen\n")); + + nt_lm_owf_gen(buf, nt_hash, lm_hash); + + pdb_set_lanman_passwd (pwd, lm_hash); + pdb_set_nt_passwd (pwd, nt_hash); + /* if it's a trust account, don't update /etc/passwd */ - if ( ( (new_pwd.acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || - ( (new_pwd.acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || - ( (new_pwd.acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || + ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account password, not updating /etc/passwd\n")); } else { - /* update the UNIX password */ - if (lp_unix_password_sync() ) - if(!chgpasswd(new_pwd.smb_name, "", buf, True)) + if (lp_unix_password_sync()) + if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) return False; } - - memset(buf, 0, sizeof(buf)); - - DEBUG(5,("set_user_info_24: pdb_update_sam_account()\n")); - - /* update the SAMBA password */ - if(!mod_sam21pwd_entry(&new_pwd, True)) - return False; - - return True; + + memset(buf, 0, sizeof(buf)); + + DEBUG(0,("set_user_info_24: 
pdb_update_sam_account()\n")); + + /* update the SAMBA password */ + if(!pdb_update_sam_account(pwd, True)) + return False; + + return True; } /******************************************************************* @@ -2150,7 +2124,7 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_ uint32 rid = 0x0; DOM_SID sid; struct current_user user; - struct smb_passwd *smb_pass; + SAM_ACCOUNT *sam_pass; unsigned char sess_key[16]; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; @@ -2167,12 +2141,8 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_ memcpy(&user, ¤t_user, sizeof(user)); } - /* search for the handle */ - if (find_lsa_policy_by_hnd(pol) == -1) - return NT_STATUS_INVALID_HANDLE; - /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(pol, &sid)) + if (!get_lsa_policy_samr_sid(p, pol, &sid)) return NT_STATUS_INVALID_HANDLE; sid_split_rid(&sid, &rid); @@ -2192,15 +2162,15 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_ */ become_root(); - smb_pass = getsmbpwuid(user.uid); + sam_pass = pdb_getsampwuid(user.uid); unbecome_root(); - if(smb_pass == NULL) { + if(sam_pass == NULL) { DEBUG(0,("_samr_set_userinfo: Unable to get smbpasswd entry for uid %u\n", (unsigned int)user.uid )); return NT_STATUS_ACCESS_DENIED; } memset(sess_key, '\0', 16); - mdfour(sess_key, smb_pass->smb_nt_passwd, 16); + mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16); /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { @@ -2236,7 +2206,7 @@ uint32 _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SE { DOM_SID sid; uint32 rid = 0x0; - SAM_USERINFO_CTR *ctr = NULL; + SAM_USERINFO_CTR *ctr = q_u->ctr; POLICY_HND *pol = &q_u->pol; uint16 switch_value = q_u->switch_value; 
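Review bot: The trace line `DEBUG(0,("set_user_info_24: pdb_update_sam_account()\n"));` was at level 5 before this change; at level 0 it is written to the log on every password change whatever debug level is configured. It looks like leftover tracing and should go back to `DEBUG(5,(...))`, matching the `DEBUG(5,("set_user_info_24:nt_lm_owf_gen\n"))` added a few lines above it.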
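Review bot: In `_samr_set_userinfo`, `mdfour(sess_key, pdb_get_nt_passwd(sam_pass), 16);` passes the accessor's result straight to the hash without checking it. The `set_user_info_21` code removed by this same diff treated a NULL NT hash as a possible state, so if the accessor can return NULL for an account without one, `mdfour` reads through a null pointer. A guard before the call, `if (pdb_get_nt_passwd(sam_pass) == NULL) return NT_STATUS_ACCESS_DENIED;`, keeps the existing error convention of this function. The function body starts and ends outside the hunk.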
@@ -2244,18 +2214,8 @@ uint32 _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SE r_u->status = NT_STATUS_NOPROBLEMO; - ctr = (SAM_USERINFO_CTR *)talloc(p->mem_ctx, sizeof(SAM_USERINFO_CTR)); - if (!ctr) - return NT_STATUS_NO_MEMORY; - - q_u->ctr = ctr; - - /* search for the handle */ - if (find_lsa_policy_by_hnd(pol) == -1) - return NT_STATUS_INVALID_HANDLE; - /* find the policy handle. open a policy on it. */ - if (!get_lsa_policy_samr_sid(pol, &sid)) + if (!get_lsa_policy_samr_sid(p, pol, &sid)) return NT_STATUS_INVALID_HANDLE; sid_split_rid(&sid, &rid); @@ -2267,7 +2227,7 @@ uint32 _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SE return NT_STATUS_INVALID_INFO_CLASS; } - ctr->switch_value = switch_value; + switch_value=ctr->switch_value; /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index 0cb72232f2..126581ba80 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -249,7 +248,11 @@ static BOOL api_spoolss_rffpcnex(pipes_struct *p) * api_spoolss_rfnpcnex * ReplyFindNextPrinterChangeNotifyEx * called from the spoolss dispatcher - * + + * Note - this is the *ONLY* function that breaks the RPC call + * symmetry in all the other calls. We need to do this to fix + * the massive memory allocation problem with thousands of jobs... + * JRA. ********************************************************************/ static BOOL api_spoolss_rfnpcnex(pipes_struct *p) @@ -1188,5 +1191,3 @@ BOOL api_spoolss_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_spoolss_rpc", api_spoolss_cmds); } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 0fb38b84db..9fcf9930bf 100644 --- a/source3/rpc_server/srv_spoolss_nt.c 
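Review bot: After this change `_samr_set_userinfo2` initialises `switch_value` from `q_u->switch_value` and then overwrites it with `ctr->switch_value`; both come from the request and nothing visible checks that they agree. The test that guards `ctr` is outside the hunk, so I cannot confirm it covers a NULL `q_u->ctr` now that the local `talloc` is gone. I would reject a mismatch explicitly with `if (ctr->switch_value != q_u->switch_value) return NT_STATUS_INVALID_INFO_CLASS;` rather than silently preferring one of the two values.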
+++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -40,14 +39,9 @@ extern pstring global_myname; /* and the notify info asked about */ /* that's the central struct */ typedef struct _Printer{ - ubi_dlNode Next; - ubi_dlNode Prev; - - BOOL open; BOOL document_started; BOOL page_started; int jobid; /* jobid in printing backend */ - POLICY_HND printer_hnd; BOOL printer_type; union { fstring handlename; @@ -78,14 +72,12 @@ typedef struct _counter_printer_0 { uint32 counter; } counter_printer_0; -static ubi_dlList Printer_list; static ubi_dlList counter_list; static struct cli_state cli; static uint32 smb_connections=0; -#define OPEN_HANDLE(pnum) ((pnum!=NULL) && (pnum->open!=False) && (IVAL(pnum->printer_hnd.data5,4)==(uint32)sys_getpid())) -#define OUR_HANDLE(pnum) ((pnum==NULL)?"NULL":(IVAL(pnum->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")) +#define OUR_HANDLE(hnd) ((hnd==NULL)?"NULL":(IVAL(hnd->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")) /* translate between internal status numbers and NT status numbers */ static int nt_printj_status(int v) 
@@ -151,6 +143,56 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) free(sp); } +/*************************************************************************** + Disconnect from the client +****************************************************************************/ + +static void srv_spoolss_replycloseprinter(POLICY_HND *handle) +{ + uint32 status; + + /* weird if the test succeds !!! */ + if (smb_connections==0) { + DEBUG(0,("srv_spoolss_replycloseprinter:Trying to close non-existant notify backchannel !\n")); + return; + } + + if(!cli_spoolss_reply_close_printer(&cli, handle, &status)) + DEBUG(0,("srv_spoolss_replycloseprinter: reply_close_printer failed.\n")); + + /* if it's the last connection, deconnect the IPC$ share */ + if (smb_connections==1) { + if(!spoolss_disconnect_from_client(&cli)) + return; + + message_deregister(MSG_PRINTER_NOTIFY); + } + + smb_connections--; +} + +/**************************************************************************** + Functions to free a printer entry datastruct. +****************************************************************************/ + +static void free_printer_entry(void *ptr) +{ + Printer_entry *Printer = (Printer_entry *)ptr; + + if (Printer->notify.client_connected==True) + srv_spoolss_replycloseprinter(&Printer->notify.client_hnd); + + Printer->notify.flags=0; + Printer->notify.options=0; + Printer->notify.localmachine[0]='\0'; + Printer->notify.printerlocal=0; + free_spool_notify_option(&Printer->notify.option); + Printer->notify.option=NULL; + Printer->notify.client_connected=False; + + safe_free(Printer); +} + /**************************************************************************** Functions to duplicate a SPOOL_NOTIFY_OPTION struct stored in Printer_entry. ****************************************************************************/ 
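Review bot: In `srv_spoolss_replycloseprinter` the early `return` after a failed `spoolss_disconnect_from_client(&cli)` skips both `message_deregister(MSG_PRINTER_NOTIFY)` and `smb_connections--`, and it does so silently. Because the function now returns void, `free_printer_entry` cannot notice the failure. The counter stays at 1 for a back-channel whose state is unknown, and the next handle teardown will go through the same `cli` again. I would at least log it the way the branch above does, `DEBUG(0,("srv_spoolss_replycloseprinter: disconnect from client failed.\n"));`, and state in a comment whether leaving the count untouched on this path is intended.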
@@ -180,15 +222,6 @@ SPOOL_NOTIFY_OPTION *dup_spool_notify_option(SPOOL_NOTIFY_OPTION *sp) return new_sp; } -/**************************************************************************** - initialise printer handle states... -****************************************************************************/ -void init_printer_hnd(void) -{ - ubi_dlInitList(&Printer_list); - ubi_dlInitList(&counter_list); -} - /**************************************************************************** Return a user struct for a pipe user. ****************************************************************************/ 
@@ -205,109 +238,36 @@ static struct current_user *get_current_user(struct current_user *user, pipes_st return user; } -/**************************************************************************** - create a unique printer handle -****************************************************************************/ -static void create_printer_hnd(POLICY_HND *hnd) -{ - static uint32 prt_hnd_low = 0; - static uint32 prt_hnd_high = 0; - - if (hnd == NULL) return; - - create_policy_handle(hnd, &prt_hnd_low, &prt_hnd_high); -} - /**************************************************************************** find printer index by handle ****************************************************************************/ -static Printer_entry *find_printer_index_by_hnd(const POLICY_HND *hnd) -{ - Printer_entry *find_printer; - find_printer = (Printer_entry *)ubi_dlFirst(&Printer_list); - - for(; find_printer; find_printer = (Printer_entry *)ubi_dlNext(find_printer)) { - - if (memcmp(&(find_printer->printer_hnd), hnd, sizeof(*hnd)) == 0) { - DEBUG(4,("Found printer handle \n")); - /*dump_data(4, hnd->data, sizeof(hnd->data));*/ - return find_printer; - } - } - - DEBUG(3,("Whoops, Printer handle not found: ")); - /*dump_data(4, hnd->data, sizeof(hnd->data));*/ - return NULL; -} - -/**************************************************************************** - clear an handle -****************************************************************************/ -static void clear_handle(POLICY_HND *hnd) -{ - ZERO_STRUCTP(hnd); -} - -/*************************************************************************** - Disconnect from the client -****************************************************************************/ -static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle) +static Printer_entry *find_printer_index_by_hnd(pipes_struct *p, POLICY_HND *hnd) { - uint32 status; - - /* weird if the test succeds !!! 
*/ - if (smb_connections==0) { - DEBUG(0,("srv_spoolss_replycloseprinter:Trying to close non-existant notify backchannel !\n")); - return False; - } - - if(!cli_spoolss_reply_close_printer(&cli, handle, &status)) - return False; - - /* if it's the last connection, deconnect the IPC$ share */ - if (smb_connections==1) { - if(!spoolss_disconnect_from_client(&cli)) - return False; + Printer_entry *find_printer = NULL; - message_deregister(MSG_PRINTER_NOTIFY); + if(!find_policy_by_hnd(p,hnd,(void **)&find_printer)) { + DEBUG(3,("find_printer_index_by_hnd: Printer handle not found: ")); + return NULL; } - smb_connections--; - - return True; + return find_printer; } /**************************************************************************** close printer index by handle ****************************************************************************/ -static BOOL close_printer_handle(POLICY_HND *hnd) + +static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd) { - Printer_entry *Printer = find_printer_index_by_hnd(hnd); + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("close_printer_handle: Invalid handle (%s)\n", OUR_HANDLE(hnd))); return False; } - if (Printer->notify.client_connected==True) - if(!srv_spoolss_replycloseprinter(&Printer->notify.client_hnd)) - return ERROR_INVALID_HANDLE; - - Printer->open=False; - Printer->notify.flags=0; - Printer->notify.options=0; - Printer->notify.localmachine[0]='\0'; - Printer->notify.printerlocal=0; - free_spool_notify_option(&Printer->notify.option); - Printer->notify.option=NULL; - Printer->notify.client_connected=False; - - clear_handle(hnd); - - ubi_dlRemThis(&Printer_list, Printer); - - safe_free(Printer); + close_policy_hnd(p, hnd); return True; } 
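Review bot: `close_printer_handle` now returns `True` unconditionally after `close_policy_hnd(p, hnd);`, so a close that fails is reported to `_spoolss_closeprinter` as success. If `close_policy_hnd` reports a BOOL the way `find_policy_by_hnd` and `create_policy_hnd` are used in this file, the last two statements can become `return close_policy_hnd(p, hnd);`. It is also worth a one-line comment that the `Printer_entry` itself is released by the `free_printer_entry` callback and not here, since the explicit cleanup that used to sit in this function is gone.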
@@ -315,11 +275,11 @@ static BOOL close_printer_handle(POLICY_HND *hnd) /**************************************************************************** delete a printer given a handle ****************************************************************************/ -static uint32 delete_printer_handle(POLICY_HND *hnd) +static uint32 delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) { - Printer_entry *Printer = find_printer_index_by_hnd(hnd); + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("delete_printer_handle: Invalid handle (%s)\n", OUR_HANDLE(hnd))); return ERROR_INVALID_HANDLE; } @@ -387,11 +347,11 @@ static uint32 delete_printer_handle(POLICY_HND *hnd) /**************************************************************************** return the snum of a printer corresponding to an handle ****************************************************************************/ -static BOOL get_printer_snum(POLICY_HND *hnd, int *number) +static BOOL get_printer_snum(pipes_struct *p, POLICY_HND *hnd, int *number) { - Printer_entry *Printer = find_printer_index_by_hnd(hnd); + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("get_printer_snum: Invalid handle (%s)\n", OUR_HANDLE(hnd))); return False; } 
@@ -411,11 +371,11 @@ static BOOL get_printer_snum(POLICY_HND *hnd, int *number) /**************************************************************************** set printer handle type. ****************************************************************************/ -static BOOL set_printer_hnd_accesstype(POLICY_HND *hnd, uint32 access_required) +static BOOL set_printer_hnd_accesstype(pipes_struct *p, POLICY_HND *hnd, uint32 access_required) { - Printer_entry *Printer = find_printer_index_by_hnd(hnd); + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("set_printer_hnd_accesstype: Invalid handle (%s)", OUR_HANDLE(hnd))); return False; } 
@@ -581,38 +541,35 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) find first available printer slot. creates a printer handle for you. ****************************************************************************/ -static BOOL open_printer_hnd(POLICY_HND *hnd, char *name) +static BOOL open_printer_hnd(pipes_struct *p, POLICY_HND *hnd, char *name) { Printer_entry *new_printer; DEBUG(10,("open_printer_hnd: name [%s]\n", name)); - clear_handle(hnd); - create_printer_hnd(hnd); if((new_printer=(Printer_entry *)malloc(sizeof(Printer_entry))) == NULL) return False; ZERO_STRUCTP(new_printer); - new_printer->open = True; new_printer->notify.option=NULL; - memcpy(&new_printer->printer_hnd, hnd, sizeof(*hnd)); - - ubi_dlAddHead( &Printer_list, (ubi_dlNode *)new_printer); + if (!create_policy_hnd(p, hnd, free_printer_entry, new_printer)) { + safe_free(new_printer); + return False; + } if (!set_printer_hnd_printertype(new_printer, name)) { - close_printer_handle(hnd); + close_printer_handle(p, hnd); return False; } if (!set_printer_hnd_name(new_printer, name)) { - close_printer_handle(hnd); + close_printer_handle(p, hnd); return False; } - DEBUG(5, ("%d printer handles active\n", - (int)ubi_dlCount(&Printer_list))); + DEBUG(5, ("%d printer handles active\n", (int)p->pipe_handles.count )); return True; } @@ -620,11 +577,12 @@ static BOOL open_printer_hnd(POLICY_HND *hnd, char *name) /******************************************************************** Return True is the handle is a print server. ********************************************************************/ -static BOOL handle_is_printserver(const POLICY_HND *handle) + +static BOOL handle_is_printserver(pipes_struct *p, POLICY_HND *handle) { - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p,handle); - if (!OPEN_HANDLE(Printer)) + if (!Printer) return False; if (Printer->printer_type != PRINTER_HANDLE_IS_PRINTSERVER) 
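Review bot: Ownership of `new_printer` changes hands at `create_policy_hnd(p, hnd, free_printer_entry, new_printer)` in `open_printer_hnd`, and nothing in the function says so. Before that call the function frees the entry itself with `safe_free`. After it, the two error paths release it through `close_printer_handle(p, hnd)`, which should be the only release once the handle is registered. A later edit that adds a `safe_free(new_printer)` to either of those paths would be a double free. A comment above the call would prevent that: `/* on success the handle table owns new_printer; free_printer_entry releases it */`.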
@@ -670,11 +628,12 @@ static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size) /*************************************************************************** receive the notify message ****************************************************************************/ + void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len) { fstring printer; uint32 status; - Printer_entry *find_printer; + struct pipes_struct *p; *printer = '\0'; fstrcpy(printer,buf); 
@@ -686,36 +645,45 @@ void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len) DEBUG(10,("srv_spoolss_receive_message: Got message about printer %s\n", printer )); - find_printer = (Printer_entry *)ubi_dlFirst(&Printer_list); + /* We need to enumerate all our pipes and all printers on them. */ + for ( p = get_first_pipe(); p; get_next_pipe(p)) { + struct policy *pol; - /* Iterate the printer list. */ - for(; find_printer; find_printer = (Printer_entry *)ubi_dlNext(find_printer)) { + if (!strequal(p->name, "spoolss")) + continue; - /* - * if the entry is the given printer or if it's a printerserver - * we send the message - */ + /* Iterate the printer list on this pipe. */ + for (pol = p->pipe_handles.Policy; pol; pol = pol->next ) { + Printer_entry *find_printer = (Printer_entry *)pol->data_ptr; - if (find_printer->printer_type==PRINTER_HANDLE_IS_PRINTER) - if (strcmp(find_printer->dev.handlename, printer)) + if (!find_printer) continue; - if (find_printer->notify.client_connected==True) - cli_spoolss_reply_rrpcn(&cli, &find_printer->notify.client_hnd, PRINTER_CHANGE_ALL, 0x0, &status); + /* + * if the entry is the given printer or if it's a printerserver + * we send the message + */ + + if (find_printer->printer_type==PRINTER_HANDLE_IS_PRINTER) + if (strcmp(find_printer->dev.handlename, printer)) + continue; + if (find_printer->notify.client_connected==True) + cli_spoolss_reply_rrpcn(&cli, &find_printer->notify.client_hnd, PRINTER_CHANGE_ALL, 0x0, &status); + } } } /*************************************************************************** send a notify event ****************************************************************************/ -static BOOL srv_spoolss_sendnotify(POLICY_HND *handle) +static BOOL srv_spoolss_sendnotify(pipes_struct *p, POLICY_HND *handle) { fstring printer; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if 
(!Printer) { DEBUG(0,("srv_spoolss_sendnotify: Invalid handle (%s).\n", OUR_HANDLE(handle))); return False; } @@ -767,7 +735,7 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, DEBUGADD(3,("checking name: %s\n",name)); - if (!open_printer_hnd(handle, name)) + if (!open_printer_hnd(p, handle, name)) return ERROR_INVALID_PRINTER_NAME; /* @@ -780,8 +748,8 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, set_printer_hnd_datatype(handle, ""); */ - if (!set_printer_hnd_accesstype(handle, printer_default->access_required)) { - close_printer_handle(handle); + if (!set_printer_hnd_accesstype(p, handle, printer_default->access_required)) { + close_printer_handle(p, handle); return ERROR_ACCESS_DENIED; } @@ -810,7 +778,7 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, get_current_user(&user, p); - if (handle_is_printserver(handle)) { + if (handle_is_printserver(p, handle)) { if (printer_default->access_required == 0) { return NT_STATUS_NO_PROBLEMO; } @@ -820,14 +788,14 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, snum = -1; if (!lp_ms_add_printer_wizard()) { - close_printer_handle(handle); + close_printer_handle(p, handle); return ERROR_ACCESS_DENIED; } else if (user.uid == 0 || user_in_list(uidtoname(user.uid), lp_printer_admin(snum))) { return NT_STATUS_NO_PROBLEMO; } else { - close_printer_handle(handle); + close_printer_handle(p, handle); return ERROR_ACCESS_DENIED; } } @@ -837,7 +805,7 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* NT doesn't let us connect to a printer if the connecting user doesn't have print permission. */ - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; /* map an empty access mask to the minimum access mask */ 
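Review bot: The new pipe loop in `srv_spoolss_receive_message` never advances, because `for ( p = get_first_pipe(); p; get_next_pipe(p))` discards the return value of `get_next_pipe` and `p` is passed by value. If the first pipe is not "spoolss", the `continue` spins forever. Otherwise the same handle list is walked and `cli_spoolss_reply_rrpcn` is sent repeatedly, so a single printer notify message is enough to hang the process. The header should read `for (p = get_first_pipe(); p; p = get_next_pipe(p)) {`. Separately, the inner loop casts every `pol->data_ptr` on the pipe to `Printer_entry *`, which is only safe while all handles on the spoolss pipe are created by `open_printer_hnd`, so a comment stating that assumption would help.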
@@ -846,7 +814,7 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, if (!print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); - close_printer_handle(handle); + close_printer_handle(p, handle); return ERROR_ACCESS_DENIED; } @@ -919,7 +887,7 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, if (printer_default->devmode_cont.devmode != NULL) { result = printer_write_default_dev( snum, printer_default); if (result != 0) { - close_printer_handle(handle); + close_printer_handle(p, handle); return result; } } @@ -1038,11 +1006,11 @@ BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode, * _spoolss_enddocprinter_internal. ********************************************************************/ -static uint32 _spoolss_enddocprinter_internal(POLICY_HND *handle) +static uint32 _spoolss_enddocprinter_internal(pipes_struct *p, POLICY_HND *handle) { - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_enddocprinter_internal: Invalid handle (%s)\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -1062,14 +1030,14 @@ uint32 _spoolss_closeprinter(pipes_struct *p, SPOOL_Q_CLOSEPRINTER *q_u, SPOOL_R { POLICY_HND *handle = &q_u->handle; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); if (Printer && Printer->document_started) - _spoolss_enddocprinter_internal(handle); /* print job was not closed */ + _spoolss_enddocprinter_internal(p, handle); /* print job was not closed */ memcpy(&r_u->handle, &q_u->handle, sizeof(r_u->handle)); - if (!close_printer_handle(handle)) + if (!close_printer_handle(p, handle)) return ERROR_INVALID_HANDLE; return NT_STATUS_NO_PROBLEMO; 
@@ -1084,18 +1052,18 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL { POLICY_HND *handle = &q_u->handle; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); uint32 result; if (Printer && Printer->document_started) - _spoolss_enddocprinter_internal(handle); /* print job was not closed */ + _spoolss_enddocprinter_internal(p, handle); /* print job was not closed */ memcpy(&r_u->handle, &q_u->handle, sizeof(r_u->handle)); - result = delete_printer_handle(handle); + result = delete_printer_handle(p, handle); if (result == ERROR_SUCCESS) { - srv_spoolss_sendnotify(handle); + srv_spoolss_sendnotify(p, handle); } return result; @@ -1182,7 +1150,7 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 /******************************************************************** GetPrinterData on a printer Handle. ********************************************************************/ -static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle, +static BOOL getprinterdata_printer(pipes_struct *p, TALLOC_CTX *ctx, POLICY_HND *handle, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size ) { @@ -1190,16 +1158,16 @@ static BOOL getprinterdata_printer(TALLOC_CTX *ctx, POLICY_HND *handle, int snum=0; uint8 *idata=NULL; uint32 len; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); DEBUG(5,("getprinterdata_printer\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("getprinterdata_printer: Invalid handle (%s).\n", OUR_HANDLE(handle))); return False; } - if(!get_printer_snum(handle, &snum)) + if(!get_printer_snum(p, handle, &snum)) return False; if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0) 
@@ -1251,7 +1219,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO fstring value; BOOL found=False; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); /* * Reminder: when it's a string, the length is in BYTES @@ -1268,7 +1236,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO DEBUG(4,("_spoolss_getprinterdata\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); @@ -1277,10 +1245,10 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO unistr2_to_ascii(value, valuename, sizeof(value)-1); - if (handle_is_printserver(handle)) + if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) found=getprinterdata_printer_server(p->mem_ctx, value, type, data, needed, *out_size); else - found= getprinterdata_printer(p->mem_ctx, handle, value, type, data, needed, *out_size); + found= getprinterdata_printer(p, p->mem_ctx, handle, value, type, data, needed, *out_size); if (found==False) { DEBUG(5, ("value not found, allocating %d\n", *out_size)); @@ -1351,9 +1319,9 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE /* store the notify value in the printer struct */ - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_rffpcnex: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } 
@@ -1786,13 +1754,11 @@ static void spoolss_notify_status(int snum, NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx) { - int count; - print_queue_struct *q=NULL; print_status_struct status; memset(&status, 0, sizeof(status)); - count = print_queue_status(snum, &q, &status); + print_queue_status(snum, &q, &status); data->notify_data.value[0]=(uint32) status.status; safe_free(q); } @@ -2277,20 +2243,19 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, * that's the print server case, the printer case is even worse. */ - - /******************************************************************* * * enumerate all printers on the printserver * fill a notify_info struct with info asked * ********************************************************************/ -static uint32 printserver_notify_info(const POLICY_HND *hnd, + +static uint32 printserver_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALLOC_CTX *mem_ctx) { int snum; - Printer_entry *Printer=find_printer_index_by_hnd(hnd); + Printer_entry *Printer=find_printer_index_by_hnd(p, hnd); int n_services=lp_numservices(); int i; uint32 id; @@ -2341,11 +2306,11 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, * fill a notify_info struct with info asked * ********************************************************************/ -static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, +static uint32 printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, TALLOC_CTX *mem_ctx) { int snum; - Printer_entry *Printer=find_printer_index_by_hnd(hnd); + Printer_entry *Printer=find_printer_index_by_hnd(p, hnd); int i; uint32 id; SPOOL_NOTIFY_OPTION *option; @@ -2362,7 +2327,7 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, info->data=NULL; info->count=0; - get_printer_snum(hnd, &snum); + get_printer_snum(p, hnd, &snum); for (i=0; icount; i++) { option_type=&option->ctr.type[i]; 
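Review bot: In `printer_notify_info` the added call `get_printer_snum(p, hnd, &snum);` ignores the BOOL result while `snum` is declared as `int snum;` with no initialiser. The part of `get_printer_snum` visible in this commit returns `False` before writing to `*number` when the handle is not found, so on that path the following loop would use an indeterminate service number. Every other caller touched by this commit checks the result, and this one should match: `if (!get_printer_snum(p, hnd, &snum)) return ERROR_INVALID_HANDLE;`. The rest of the function body lies outside the hunk, so the exact uses of `snum` after the call are not visible here.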
@@ -2430,13 +2395,13 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN /* SPOOL_NOTIFY_OPTION *option = q_u->option; - notused. */ SPOOL_NOTIFY_INFO *info = &r_u->info; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); uint32 result = ERROR_INVALID_HANDLE; /* we always have a NOTIFY_INFO struct */ r_u->info_ptr=0x1; - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_rfnpcnex: Invalid handle (%s).\n", OUR_HANDLE(handle))); goto done; @@ -2459,12 +2424,11 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN switch (Printer->printer_type) { case PRINTER_HANDLE_IS_PRINTSERVER: - result = printserver_notify_info(handle, info, - p->mem_ctx); + result = printserver_notify_info(p, handle, info, p->mem_ctx); break; case PRINTER_HANDLE_IS_PRINTER: - result = printer_notify_info(handle, info, p->mem_ctx); + result = printer_notify_info(p, handle, info, p->mem_ctx); break; } @@ -3312,7 +3276,7 @@ uint32 _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GET *needed=0; - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; switch (level) { @@ -3831,7 +3795,7 @@ uint32 _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_ pstrcpy(servername, global_myname); unistr2_to_ascii(architecture, uni_arch, sizeof(architecture)-1); - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; switch (level) { @@ -3855,9 +3819,9 @@ uint32 _spoolss_startpageprinter(pipes_struct *p, SPOOL_Q_STARTPAGEPRINTER *q_u, { POLICY_HND *handle = &q_u->handle; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - if (OPEN_HANDLE(Printer)) { + if (Printer) { Printer->page_started=True; return 0x0; } 
@@ -3873,9 +3837,9 @@ uint32 _spoolss_endpageprinter(pipes_struct *p, SPOOL_Q_ENDPAGEPRINTER *q_u, SPO { POLICY_HND *handle = &q_u->handle; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_endpageprinter: Invalid handle (%s).\n",OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -3902,10 +3866,10 @@ uint32 _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, S int snum; pstring jobname; fstring datatype; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); struct current_user user; - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_startdocprinter: Invalid handle (%s)\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -3933,7 +3897,7 @@ uint32 _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, S } /* get the share number of the printer */ - if (!get_printer_snum(handle, &snum)) { + if (!get_printer_snum(p, handle, &snum)) { return ERROR_INVALID_HANDLE; } @@ -3964,7 +3928,7 @@ uint32 _spoolss_enddocprinter(pipes_struct *p, SPOOL_Q_ENDDOCPRINTER *q_u, SPOOL { POLICY_HND *handle = &q_u->handle; - return _spoolss_enddocprinter_internal(handle); + return _spoolss_enddocprinter_internal(p, handle); } /**************************************************************************** @@ -3977,9 +3941,9 @@ uint32 _spoolss_writeprinter(pipes_struct *p, SPOOL_Q_WRITEPRINTER *q_u, SPOOL_R uint8 *buffer = q_u->buffer; uint32 *buffer_written = &q_u->buffer_size2; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_writeprinter: Invalid handle (%s)\n",OUR_HANDLE(handle))); r_u->buffer_written = q_u->buffer_size2; return ERROR_INVALID_HANDLE; 
@@ -4003,16 +3967,16 @@ static uint32 control_printer(POLICY_HND *handle, uint32 command, { struct current_user user; int snum, errcode = ERROR_INVALID_FUNCTION; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); get_current_user(&user, p); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("control_printer: Invalid handle (%s)\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; switch (command) { @@ -4063,9 +4027,9 @@ static uint32 update_printer_sec(POLICY_HND *handle, uint32 level, uint32 result; int snum; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer) || !get_printer_snum(handle, &snum)) { + if (!Printer || !get_printer_snum(p, handle, &snum)) { DEBUG(0,("update_printer_sec: Invalid handle (%s)\n", OUR_HANDLE(handle))); @@ -4478,13 +4442,13 @@ static BOOL nt_printer_info_level_equal(NT_PRINTER_INFO_LEVEL *p1, * when updating a printer description ********************************************************************/ -static uint32 update_printer(POLICY_HND *handle, uint32 level, +static uint32 update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, const SPOOL_PRINTER_INFO_LEVEL *info, DEVICEMODE *devmode) { int snum; NT_PRINTER_INFO_LEVEL *printer = NULL, *old_printer = NULL; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); uint32 result; DEBUG(8,("update_printer\n")); 
@@ -4498,12 +4462,12 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level, goto done; } - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { result = ERROR_INVALID_HANDLE; goto done; } - if (!get_printer_snum(handle, &snum)) { + if (!get_printer_snum(p, handle, &snum)) { result = ERROR_INVALID_HANDLE; goto done; } @@ -4582,7 +4546,7 @@ static uint32 update_printer(POLICY_HND *handle, uint32 level, free_a_printer(&printer, 2); free_a_printer(&old_printer, 2); - srv_spoolss_sendnotify(handle); + srv_spoolss_sendnotify(p, handle); return result; } @@ -4599,9 +4563,9 @@ uint32 _spoolss_setprinter(pipes_struct *p, SPOOL_Q_SETPRINTER *q_u, SPOOL_R_SET SEC_DESC_BUF *secdesc_ctr = q_u->secdesc_ctr; uint32 command = q_u->command; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_setprinter: Invalid handle (%s)\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -4611,7 +4575,7 @@ uint32 _spoolss_setprinter(pipes_struct *p, SPOOL_Q_SETPRINTER *q_u, SPOOL_R_SET case 0: return control_printer(handle, command, p); case 2: - return update_printer(handle, level, info, devmode_ctr.devmode); + return update_printer(p, handle, level, info, devmode_ctr.devmode); case 3: return update_printer_sec(handle, level, info, p, secdesc_ctr); 
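Review bot: The three calls in the `_spoolss_setprinter` switch now follow three different conventions for the pipe argument: `control_printer(handle, command, p)`, `update_printer(p, handle, level, info, devmode_ctr.devmode)` and `update_printer_sec(handle, level, info, p, secdesc_ctr)`. Every helper converted in this commit takes `pipes_struct *p` first, so the two older signatures are easy to misread when checking that a handle is looked up on the pipe it came from. I would move `p` to the front of `control_printer` and `update_printer_sec` in the same change, e.g. `static uint32 control_printer(pipes_struct *p, POLICY_HND *handle, uint32 command)`.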
@@ -4627,16 +4591,15 @@ uint32 _spoolss_fcpn(pipes_struct *p, SPOOL_Q_FCPN *q_u, SPOOL_R_FCPN *r_u) { POLICY_HND *handle = &q_u->handle; - Printer_entry *Printer= find_printer_index_by_hnd(handle); + Printer_entry *Printer= find_printer_index_by_hnd(p, handle); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_fcpn: Invalid handle (%s)\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } if (Printer->notify.client_connected==True) - if(!srv_spoolss_replycloseprinter(&Printer->notify.client_hnd)) - return ERROR_INVALID_HANDLE; + srv_spoolss_replycloseprinter(&Printer->notify.client_hnd); Printer->notify.flags=0; Printer->notify.options=0; @@ -4872,7 +4835,7 @@ uint32 _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJO *needed=0; *returned=0; - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; *returned = print_queue_status(snum, &queue, &prt_status); @@ -4920,7 +4883,7 @@ uint32 _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u memset(&prt_status, 0, sizeof(prt_status)); - if (!get_printer_snum(handle, &snum)) { + if (!get_printer_snum(p, handle, &snum)) { return ERROR_INVALID_HANDLE; } @@ -5647,7 +5610,7 @@ uint32 _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUM /**************************************************************************** ****************************************************************************/ -static uint32 spoolss_addprinterex_level_2( const UNISTR2 *uni_srv_name, +static uint32 spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_srv_name, const SPOOL_PRINTER_INFO_LEVEL *info, uint32 unk0, uint32 unk1, uint32 unk2, uint32 unk3, uint32 user_switch, const SPOOL_USER_CTR *user, 
@@ -5702,7 +5665,7 @@ static uint32 spoolss_addprinterex_level_2( const UNISTR2 *uni_srv_name, return ERROR_ACCESS_DENIED; } - if (!open_printer_hnd(handle, name)) { + if (!open_printer_hnd(p, handle, name)) { /* Handle open failed - remove addition. */ del_a_printer(printer->info_2->sharename); free_a_printer(&printer,2); @@ -5711,7 +5674,7 @@ static uint32 spoolss_addprinterex_level_2( const UNISTR2 *uni_srv_name, free_a_printer(&printer,2); - srv_spoolss_sendnotify(handle); + srv_spoolss_sendnotify(p, handle); return NT_STATUS_NO_PROBLEMO; } @@ -5738,7 +5701,7 @@ uint32 _spoolss_addprinterex( pipes_struct *p, SPOOL_Q_ADDPRINTEREX *q_u, SPOOL_ /* but I know what to do ... */ return ERROR_INVALID_LEVEL; case 2: - return spoolss_addprinterex_level_2(uni_srv_name, info, + return spoolss_addprinterex_level_2(p, uni_srv_name, info, unk0, unk1, unk2, unk3, user_switch, user, handle); default: @@ -5886,7 +5849,7 @@ uint32 _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S uint32 biggest_valuesize; uint32 biggest_datasize; uint32 data_len; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); int snum; uint8 *data=NULL; uint32 type; @@ -5905,12 +5868,12 @@ uint32 _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S DEBUG(5,("spoolss_enumprinterdata\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_enumprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p,handle, &snum)) return ERROR_INVALID_HANDLE; if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0) 
@@ -6045,16 +6008,16 @@ uint32 _spoolss_setprinterdata( pipes_struct *p, SPOOL_Q_SETPRINTERDATA *q_u, SP NT_PRINTER_PARAM *param = NULL, old_param; int snum=0; uint32 status = 0x0; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); DEBUG(5,("spoolss_setprinterdata\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_setprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p,handle, &snum)) return ERROR_INVALID_HANDLE; status = get_a_printer(&printer, 2, lp_servicename(snum)); @@ -6117,16 +6080,16 @@ uint32 _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_ NT_PRINTER_PARAM param; int snum=0; uint32 status = 0x0; - Printer_entry *Printer=find_printer_index_by_hnd(handle); + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); DEBUG(5,("spoolss_deleteprinterdata\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_deleteprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; if (!print_access_check(NULL, snum, PRINTER_ACCESS_ADMINISTER)) { @@ -6162,11 +6125,11 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM int count=0; nt_forms_struct *list=NULL; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); DEBUG(5,("spoolss_addform\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_addform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } 
@@ -6192,11 +6155,11 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE int count=0; uint32 ret = 0; nt_forms_struct *list=NULL; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); DEBUG(5,("spoolss_deleteform\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_deleteform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -6222,11 +6185,11 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM * int count=0; nt_forms_struct *list=NULL; - Printer_entry *Printer = find_printer_index_by_hnd(handle); + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); DEBUG(5,("spoolss_setform\n")); - if (!OPEN_HANDLE(Printer)) { + if (!Printer) { DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } @@ -6605,7 +6568,7 @@ uint32 _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ *needed=0; - if (!get_printer_snum(handle, &snum)) + if (!get_printer_snum(p, handle, &snum)) return ERROR_INVALID_HANDLE; count = print_queue_status(snum, &queue, &prt_status); @@ -6623,4 +6586,3 @@ uint32 _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_ return ERROR_INVALID_LEVEL; } } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_srvsvc.c b/source3/rpc_server/srv_srvsvc.c index b530d66092..a3176bfd73 100644 --- a/source3/rpc_server/srv_srvsvc.c +++ b/source3/rpc_server/srv_srvsvc.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -248,5 +247,3 @@ BOOL api_srvsvc_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_srvsvc_rpc", api_srv_cmds); } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 80794609ea..6e0043b0bb 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c 
+++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -695,6 +694,9 @@ uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R lp_default_server_announce(), string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH)); break; + case 100: + init_srv_info_100(&ctr->srv.sv100, 500, global_myname); + break; default: status = NT_STATUS_INVALID_INFO_CLASS; break; @@ -863,4 +865,3 @@ uint32 _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET return r_u->status; } -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 8349b7add6..82125a7085 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -1,5 +1,3 @@ -#define OLD_NTDOMAIN 1 - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -80,7 +78,7 @@ rid_name domain_group_rids[] = { 0 , NULL } }; -int make_dom_gids(char *gids_str, DOM_GID **ppgids) +int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids) { char *ptr; pstring s2; @@ -99,10 +97,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids) count++) ; - gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); + gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count ); if(!gids) { - DEBUG(0,("make_dom_gids: malloc fail !\n")); + DEBUG(0,("make_dom_gids: talloc fail !\n")); return 0; } @@ -192,11 +190,10 @@ void get_domain_user_groups(char *domain_groups, char *user) } } - /******************************************************************* - lookup_group_name + Look up a local (domain) rid and return a name and type. ********************************************************************/ -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type) +uint32 local_lookup_group_name(uint32 rid, char *group_name, uint32 *type) { int i = 0; (*type) = SID_NAME_DOM_GRP; 
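Review bot: The new `case 100` in `_srv_net_srv_get_info` passes the bare literal `500` to `init_srv_info_100()` with nothing saying what the value means. It is presumably the platform id reported to the client, but that cannot be confirmed from the hunk. A named constant, or at least a trailing comment such as `/* 500: platform id */`, would let a reader check it against the protocol definition. The switch begins outside the hunk.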
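Review bot: `make_dom_gids` now takes `gids` from the caller's `ctx` instead of the heap, but nothing in the hunk tells callers that `*ppgids` must no longer be passed to `free()`; a caller that still frees it would corrupt the heap. A header comment such as `/* *ppgids is allocated from ctx; the caller must not free() it. */` above the function would record the new ownership. Separately, if `count` can be zero and `talloc()` returns NULL for a zero-byte request (not visible here), an empty group list would be logged as `talloc fail` at debug level 0; an early `if (count == 0) return 0;` before the allocation would avoid that. The function body continues outside the hunk.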
@@ -220,9 +217,9 @@ uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type) } /******************************************************************* - lookup_alias_name + Look up a local alias rid and return a name and type. ********************************************************************/ -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) +uint32 local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) { int i = 0; (*type) = SID_NAME_WKN_GRP; @@ -246,11 +243,11 @@ uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) } /******************************************************************* - lookup_user_name + Look up a local user rid and return a name and type. ********************************************************************/ -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) +uint32 local_lookup_user_name(uint32 rid, char *user_name, uint32 *type) { - struct sam_disp_info *disp_info; + SAM_ACCOUNT *sampwd; int i = 0; (*type) = SID_NAME_USER; @@ -271,12 +268,12 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) /* ok, it's a user. find the user account */ become_root(); - disp_info = pdb_sam_to_dispinfo(pdb_getsampwrid(rid)); + sampwd = pdb_getsampwrid(rid); unbecome_root(); - if (disp_info != NULL) + if (sampwd != NULL) { - fstrcpy(user_name, disp_info->smb_name); + fstrcpy(user_name, pdb_get_username(sampwd) ); DEBUG(5,(" = %s\n", user_name)); return 0x0; } @@ -286,9 +283,9 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) } /******************************************************************* - lookup_group_rid + Look up a local (domain) group name and return a rid ********************************************************************/ -uint32 lookup_group_rid(char *group_name, uint32 *rid) +uint32 local_lookup_group_rid(char *group_name, uint32 *rid) { char *grp_name; int i = -1; /* start do loop at -1 */ 
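Review bot: `local_lookup_user_name` copies the account name with `fstrcpy(user_name, pdb_get_username(sampwd))`, which bounds the copy by the size of an `fstring` rather than by the buffer the caller actually passed as `char *user_name`. The new header comment should state that requirement, for example `user_name must point to a buffer of at least sizeof(fstring) bytes.` The same sentence belongs on `local_lookup_group_name` and `local_lookup_alias_name` if they fill their output buffers the same way; their bodies are outside these hunks. The start and end of `local_lookup_user_name` are also outside this hunk.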
@@ -305,9 +302,9 @@ uint32 lookup_group_rid(char *group_name, uint32 *rid) } /******************************************************************* - lookup_alias_rid + Look up a local (BUILTIN) alias name and return a rid ********************************************************************/ -uint32 lookup_alias_rid(char *alias_name, uint32 *rid) +uint32 local_lookup_alias_rid(char *alias_name, uint32 *rid) { char *als_name; int i = -1; /* start do loop at -1 */ @@ -324,25 +321,23 @@ uint32 lookup_alias_rid(char *alias_name, uint32 *rid) } /******************************************************************* - lookup_user_rid + Look up a local user name and return a rid ********************************************************************/ -uint32 lookup_user_rid(char *user_name, uint32 *rid) +uint32 local_lookup_user_rid(char *user_name, uint32 *rid) { - SAM_ACCOUNT *sam_pass; + SAM_ACCOUNT *sampass; (*rid) = 0; /* find the user account */ become_root(); - sam_pass = pdb_getsampwnam(user_name); + sampass = pdb_getsampwnam(user_name); unbecome_root(); - if (sam_pass != NULL) + if (sampass != NULL) { - *rid = pdb_get_user_rid(sam_pass); + (*rid) = pdb_get_user_rid(sampass); return 0x0; } return NT_STATUS_NONE_MAPPED; } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_wkssvc.c b/source3/rpc_server/srv_wkssvc.c index e648c0f122..12e4a8f335 100644 --- a/source3/rpc_server/srv_wkssvc.c +++ b/source3/rpc_server/srv_wkssvc.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -72,5 +71,3 @@ BOOL api_wkssvc_rpc(pipes_struct *p) { return api_rpcTNP(p, "api_wkssvc_rpc", api_wks_cmds); } - -#undef OLD_NTDOMAIN diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 688c7f1d01..40771d2fb9 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -1,4 +1,3 @@ -#define OLD_NTDOMAIN 1 /* * Unix SMB/Netbios implementation. * Version 1.9. 
@@ -79,4 +78,3 @@ uint32 _wks_query_info(pipes_struct *p, WKS_Q_QUERY_INFO *q_u, WKS_R_QUERY_INFO return r_u->status; } -#undef OLD_NTDOMAIN -- cgit