From 31044dd8e6419b305779408a4b3b0fbd8eab11b5 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 30 Nov 1998 15:08:58 +0000 Subject: - adding builtin[alias]db. - lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c) --- source3/Makefile.in | 6 +++--- source3/include/proto.h | 31 +++++++++++++++++++++++++++++- source3/include/rpcclient.h | 1 + source3/lib/domain_namemap.c | 13 ++++++------- source3/lib/sids.c | 14 +++++++++----- source3/lib/util_pwdb.c | 9 +++++---- source3/lsarpcd/srv_lsa.c | 7 +++---- source3/passdb/smbpass.c | 40 +++++++++++++++++++-------------------- source3/passdb/smbpassgroupunix.c | 12 ++++++++++++ source3/rpc_client/cli_lsarpc.c | 7 ++++--- source3/rpc_server/srv_lsa.c | 7 +++---- source3/rpc_server/srv_samr.c | 23 ++++++++++++++-------- source3/rpcclient/cmd_samr.c | 39 ++++++++++++++++++++++++++++---------- source3/smbd/server.c | 5 +++++ 14 files changed, 145 insertions(+), 69 deletions(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 838dd826bd..799b5e22d4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -150,9 +150,9 @@ RPC_CLIENT_OBJ = \ LOCKING_OBJ = locking/locking.o locking/locking_shm.o locking/locking_slow.o \ locking/shmem.o locking/shmem_sysv.o -GROUPDB_OBJ = groupdb/groupdb.o groupdb/groupfile.o \ - groupdb/aliasdb.o groupdb/aliasfile.o \ - groupdb/groupunix.o groupdb/aliasunix.o \ +GROUPDB_OBJ = groupdb/groupdb.o groupdb/aliasdb.o groupdb/builtindb.o \ + groupdb/groupfile.o groupdb/aliasfile.o \ + groupdb/groupunix.o groupdb/aliasunix.o groupdb/builtinunix.o \ passdb/passgrp.o passdb/smbpassgroup.o \ passdb/smbpassgroupunix.o diff --git a/source3/include/proto.h b/source3/include/proto.h index 4902cf06bf..2e7433bb43 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -50,6 +50,35 @@ BOOL get_unixalias_members(struct group *grp, int *num_mem, LOCAL_GRP_MEMBER **members); struct aliasdb_ops *unix_initialise_alias_db(void); +/*The following definitions come from groupdb/builtindb.c */ + +BOOL initialise_builtin_db(void); +LOCAL_GRP *iterate_getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getbuiltinrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *iterate_getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_domain_builtin(LOCAL_GRP **blts, int *num_blts, LOCAL_GRP *blt); +BOOL iterate_getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blts, int *num_blts); +BOOL enumdombuiltins(LOCAL_GRP **blts, int *num_blts); +void *startbuiltinent(BOOL update); +void endbuiltinent(void *vp); +LOCAL_GRP *getbuiltinent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL add_builtin_entry(LOCAL_GRP *newblt); +BOOL mod_builtin_entry(LOCAL_GRP* blt); +LOCAL_GRP *getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getbuiltinrid(uint32 builtin_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); +LOCAL_GRP *getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); +BOOL getuserbuiltinntnam(const char *user_name, LOCAL_GRP **blt, int *num_blts); +void bidb_init_blt(LOCAL_GRP *blt); +BOOL make_builtin_line(char *p, int max_len, + LOCAL_GRP *blt, + LOCAL_GRP_MEMBER **mem, int *num_mem); + +/*The following definitions come from groupdb/builtinunix.c */ + +BOOL get_unixbuiltin_members(struct group *grp, + int *num_mem, LOCAL_GRP_MEMBER **members); +struct aliasdb_ops *unix_initialise_builtin_db(void); + /*The following definitions come from groupdb/groupdb.c */ BOOL initialise_group_db(void); @@ -232,7 +261,7 @@ char *rep_inet_ntoa(struct in_addr ip); void get_sam_domain_name(void); BOOL get_member_domain_sid(void); void generate_wellknown_sids(void); -BOOL generate_sam_sid(void); +BOOL generate_sam_sid(char *domain_name); BOOL map_domain_name_to_sid(DOM_SID *sid, char **nt_domain); BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain); BOOL split_domain_name(char *fullname, char *domain, char *name); diff --git a/source3/include/rpcclient.h b/source3/include/rpcclient.h index dc2be5d2b8..4380c1236f 100644 --- a/source3/include/rpcclient.h +++ b/source3/include/rpcclient.h @@ -77,6 +77,7 @@ struct nt_client_info POLICY_HND samr_pol_connect; POLICY_HND samr_pol_open_domain; + POLICY_HND samr_pol_open_builtindom; POLICY_HND samr_pol_open_user; struct acct_info *sam; diff --git a/source3/lib/domain_namemap.c b/source3/lib/domain_namemap.c index 3de5b60785..cc96a014c4 100644 --- a/source3/lib/domain_namemap.c +++ b/source3/lib/domain_namemap.c @@ -273,8 +273,6 @@ static void delete_map_list(ubi_slList *map_list) ***************************************************************************/ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) { - DEBUG(10,("make_mydomain_sid\n")); - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) { DEBUG(0,("make_mydomain_sid: unknown domain %s\n", @@ -287,8 +285,10 @@ static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type) /* * only builtin aliases are recognised in S-1-5-20 */ + DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n", + grp->nt_name)); - if (!lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type)) + if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0) { DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n", grp->unix_name, grp->nt_name)); @@ -584,9 +584,6 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) if (!*unixname) continue; - DEBUG(5,("unixname = %s, ntname = %s.\n", - unixname, nt_name)); - p = strchr(nt_name, '\\'); if (p == NULL) @@ -602,9 +599,11 @@ static ubi_slList *load_name_map(DOM_MAP_TYPE type) fstrcpy(nt_group , p); } - if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type)) + if (make_name_entry(&new_ep, nt_domain, nt_group, unixname, type)) { ubi_slAddTail(map_list, (ubi_slNode *)new_ep); + DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n", + unixname, nt_domain, nt_group, new_ep->grp.type)); } } diff --git a/source3/lib/sids.c b/source3/lib/sids.c index 432c3349e3..854e9d5786 100644 --- a/source3/lib/sids.c +++ b/source3/lib/sids.c @@ -268,22 +268,24 @@ void generate_wellknown_sids(void) } /**************************************************************************** - Generate the global machine sid. Look for the MACHINE.SID file first, if - not found then look in smb.conf and use it to create the MACHINE.SID file. + Generate the global machine sid. Look for the DOMAINNAME.SID file first, if + not found then look in smb.conf and use it to create the DOMAINNAME.SID file. ****************************************************************************/ -BOOL generate_sam_sid(void) +BOOL generate_sam_sid(char *domain_name) { int fd; int i; char *p; pstring sid_file; fstring sid_string; + fstring file_name; SMB_STRUCT_STAT st; uchar raw_sid_data[12]; pstrcpy(sid_file, lp_smb_passwd_file()); p = strrchr(sid_file, '/'); - if (p != NULL) { + if (p != NULL) + { *++p = '\0'; } @@ -295,7 +297,9 @@ BOOL generate_sam_sid(void) } } - pstrcat(sid_file, "MACHINE.SID"); + slprintf(file_name, sizeof(file_name)-1, "%s.SID", domain_name); + strupper(file_name); + pstrcat(sid_file, file_name); if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) { DEBUG(0,("unable to open or create file %s. Error was %s\n", diff --git a/source3/lib/util_pwdb.c b/source3/lib/util_pwdb.c index 50cc0510d8..74d5ff6794 100644 --- a/source3/lib/util_pwdb.c +++ b/source3/lib/util_pwdb.c @@ -176,8 +176,6 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, rid = builtin_alias_rids[i].rid; als_name = builtin_alias_rids[i].name; - i++; - if (strequal(als_name, alias_name)) { if (sid != NULL) @@ -193,6 +191,8 @@ uint32 lookup_builtin_alias_name(const char *alias_name, const char *domain, return 0x0; } + i++; + } while (als_name != NULL); return 0xC0000000 | NT_STATUS_NONE_MAPPED; @@ -431,9 +431,10 @@ BOOL pwdb_initialise(void) generate_wellknown_sids(); - if (!generate_sam_sid()) + if (!generate_sam_sid(global_sam_name)) { - DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); + DEBUG(0,("ERROR: Samba cannot create a SAM SID for its domain (%s).\n", + global_sam_name)); return False; } diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index abbe4ccd93..62c8f8a0cd 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid; extern fstring global_sam_name; extern DOM_SID global_member_sid; extern fstring global_myworkgroup; -extern DOM_SID global_sid_S_1_1; -extern DOM_SID global_sid_S_1_3; -extern DOM_SID global_sid_S_1_5; +extern DOM_SID global_sid_S_1_5_20; /*************************************************************************** lsa_reply_open_policy2 @@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref, else if (sid_split_rid (&find_sid, &rid) && map_domain_sid_to_name(&find_sid, dom_name)) { - if (sid_equal(&find_sid, &global_sam_sid)) + if (sid_equal(&find_sid, &global_sam_sid) || + sid_equal(&find_sid, &global_sid_S_1_5_20)) { status = lookup_sid(&tmp_sid, name, &sid_name_use); } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 0de09e6085..8972351d90 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -73,7 +73,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - static pstring nt_name; + static pstring unix_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; char linebuf[256]; @@ -115,7 +115,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':'); + p = strncpyn(unix_name, linebuf, sizeof(unix_name), ':'); /* Go past ':' */ p++; @@ -124,7 +124,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) p = Atoic( p, &uidval, ":"); - pw_buf.nt_name = nt_name; + pw_buf.unix_name = unix_name; pw_buf.unix_uid = uidval; /* @@ -139,7 +139,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) if (*p == '*' || *p == 'X') { /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name)); + DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name)); pw_buf.smb_nt_passwd = NULL; pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_DISABLED; @@ -194,8 +194,8 @@ static struct smb_passwd *getsmbfilepwent(void *vp) p += 33; } - DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n", - nt_name, uidval)); + DEBUG(5,("getsmbfilepwent: returning passwd entry for unix user %s, unix uid %d\n", + unix_name, uidval)); if (*p == '[') { @@ -226,7 +226,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) * password file as 'normal accounts'. If this changes * we will have to fix this code. JRA. */ - if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$') + if (pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$') { pw_buf.acct_ctrl &= ~ACB_NORMAL; pw_buf.acct_ctrl |= ACB_WSTRUST; @@ -272,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->nt_name, pwd->nt_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name)); + if (strequal(newpwd->unix_name, pwd->unix_name)) { + DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name)); endsmbfilepwent(fp); return False; } @@ -290,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; if((new_entry = (char *)malloc( new_entry_length )) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid); p = &new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { @@ -349,13 +349,13 @@ Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->nt_name, strerror(errno))); + newpwd->unix_name, strerror(errno))); } endsmbfilepwent(fp); @@ -380,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ - static pstring nt_name; + static pstring unix_name; char linebuf[256]; char readbuf[1024]; @@ -498,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf)); - nt_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(nt_name, pwd->nt_name)) { + strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf)); + unix_name[PTR_DIFF(p, linebuf)] = '\0'; + if (strequal(unix_name, pwd->unix_name)) { found_entry = True; break; } @@ -545,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name)); + DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for unix user %s\n", unix_name)); file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c index 26c6d6ff13..38f9cdf2e4 100644 --- a/source3/passdb/smbpassgroupunix.c +++ b/source3/passdb/smbpassgroupunix.c @@ -107,6 +107,7 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, if (als_rids == NULL && grp_rids == NULL) { + /* they didn't want to know the members. */ return pwdb_sam_to_smb(pw_buf); } @@ -131,6 +132,17 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * find the unix name for each user's group. * assume the unix group is an nt name (alias? group? user?) * (user or not our own domain will be an error). + * + * oh, oh, can anyone spot what's missing heeere? + * you guessed it: built-in aliases. those are in + * Domain S-1-5-20, and NT Domain Users can only + * have lists of RIDs as groups. + * + * doesn't stop you making NT Domain Users a member + * of a BUILTIN Alias (e.g "Administrators" or "Power Users") + * it's just that there's no way to tell that from this + * API call: wrong domain, sorry. + * */ DOM_NAME_MAP gmep; diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index e8f1cac19b..087ee5dade 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -306,10 +306,11 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, if (dom_idx != 0xffffffff) { - fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); - fstrcpy(name , unistr2(t_names.uni_name[i].buffer)); + fstrcpy(dom_name, unistr2_to_str(&ref.ref_dom[dom_idx].uni_dom_name)); + fstrcpy(name , unistr2_to_str(&t_names.uni_name[i])); - slprintf(full_name, sizeof(full_name), "%s\\%s", + memset(full_name, 0, sizeof(full_name)); + slprintf(full_name, sizeof(full_name)-1, "%s\\%s", dom_name, name); (*names)[i] = strdup(full_name); diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index abbe4ccd93..62c8f8a0cd 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -32,9 +32,7 @@ extern DOM_SID global_sam_sid; extern fstring global_sam_name; extern DOM_SID global_member_sid; extern fstring global_myworkgroup; -extern DOM_SID global_sid_S_1_1; -extern DOM_SID global_sid_S_1_3; -extern DOM_SID global_sid_S_1_5; +extern DOM_SID global_sid_S_1_5_20; /*************************************************************************** lsa_reply_open_policy2 @@ -264,7 +262,8 @@ static void make_lsa_trans_names(DOM_R_REF *ref, else if (sid_split_rid (&find_sid, &rid) && map_domain_sid_to_name(&find_sid, dom_name)) { - if (sid_equal(&find_sid, &global_sam_sid)) + if (sid_equal(&find_sid, &global_sam_sid) || + sid_equal(&find_sid, &global_sid_S_1_5_20)) { status = lookup_sid(&tmp_sid, name, &sid_name_use); } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index fb613c3c51..d0f139645c 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -732,6 +732,7 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, { uint32 status = 0; + LOCAL_GRP *mem_grp = NULL; uint32 *rid = NULL; int num_rids = 0; struct sam_passwd *sam_pass; @@ -781,21 +782,32 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, if (status == 0x0) { + DEBUG(10,("sid is %s\n", dom_sid_str)); + if (sid_equal(&dom_sid, &global_sid_S_1_5_20)) { DEBUG(10,("lookup on S-1-5-20\n")); + + become_root(True); + getuserbuiltinntnam(sam_pass->nt_name, &mem_grp, &num_rids); + unbecome_root(True); } else if (sid_equal(&dom_sid, &usr_sid)) { - LOCAL_GRP *mem_grp = NULL; - num_rids = 0; - DEBUG(10,("lookup on Domain SID\n")); become_root(True); getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids); unbecome_root(True); + } + else + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + } + if (status == 0x0 && num_rids > 0) + { rid = malloc(num_rids * sizeof(uint32)); if (mem_grp != NULL && rid != NULL) { @@ -805,11 +817,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, rid[i] = mem_grp[i].rid; } free(mem_grp); - } - } - else - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } } diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 7a65fc5c37..4d77f67b54 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -181,8 +181,10 @@ void cmd_sam_enum_users(struct client_info *info) fstring domain; fstring sid; DOM_SID sid1; + DOM_SID sid_1_5_20; int user_idx; BOOL res = True; + BOOL res1 = True; BOOL request_user_info = False; BOOL request_group_info = False; BOOL request_alias_info = False; @@ -218,6 +220,10 @@ void cmd_sam_enum_users(struct client_info *info) request_group_info |= strequal(tmp, "-g"); request_alias_info |= strequal(tmp, "-a"); } + else + { + break; + } } #ifdef DEBUG_TESTING @@ -242,6 +248,8 @@ void cmd_sam_enum_users(struct client_info *info) } #endif + string_to_sid(&sid_1_5_20, "S-1-5-32"); + fprintf(out_hnd, "SAM Enumerate Users\n"); fprintf(out_hnd, "From: %s To: %s Domain: %s SID: %s\n", info->myhostname, srv_name, domain, sid); @@ -264,6 +272,11 @@ void cmd_sam_enum_users(struct client_info *info) &info->dom.samr_pol_connect, admin_rid, &sid1, &info->dom.samr_pol_open_domain) : False; + /* connect to the S-1-5-20 domain */ + res1 = res ? do_samr_open_domain(smb_cli, + &info->dom.samr_pol_connect, admin_rid, &sid_1_5_20, + &info->dom.samr_pol_open_builtindom) : False; + /* read some users */ res = res ? do_samr_enum_dom_users(smb_cli, &info->dom.samr_pol_open_domain, @@ -275,12 +288,8 @@ void cmd_sam_enum_users(struct client_info *info) fprintf(out_hnd, "No users\n"); } - if (request_user_info || request_group_info || request_alias_info) - { /* query all the users */ - user_idx = 0; - - while (res && user_idx < info->dom.num_sam_entries) + for (user_idx = 0; res && user_idx < info->dom.num_sam_entries; user_idx++) { uint32 user_rid = info->dom.sam[user_idx].user_rid; SAM_USER_INFO_21 usr; @@ -332,16 +341,26 @@ void cmd_sam_enum_users(struct client_info *info) &info->dom.samr_pol_open_domain, &als_sid, &num_aliases, rid)) { - display_alias_rid_info(out_hnd, ACTION_HEADER , &als_sid, num_aliases, rid); - display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &als_sid, num_aliases, rid); - display_alias_rid_info(out_hnd, ACTION_FOOTER , &als_sid, num_aliases, rid); - } + display_alias_rid_info(out_hnd, ACTION_HEADER , &sid1, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid1, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_FOOTER , &sid1, num_aliases, rid); } - user_idx++; + /* send user alias query */ + if (res1 && do_samr_query_useraliases(smb_cli, + &info->dom.samr_pol_open_builtindom, + &als_sid, &num_aliases, rid)) + { + display_alias_rid_info(out_hnd, ACTION_HEADER , &sid_1_5_20, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_ENUMERATE, &sid_1_5_20, num_aliases, rid); + display_alias_rid_info(out_hnd, ACTION_FOOTER , &sid_1_5_20, num_aliases, rid); + } } } + res1 = res1 ? do_samr_close(smb_cli, + &info->dom.samr_pol_open_builtindom) : False; + res = res ? do_samr_close(smb_cli, &info->dom.samr_pol_open_domain) : False; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 3a32e1871f..7a16d8abf3 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -676,6 +676,11 @@ static void usage(char *pname) exit(1); } + if(!initialise_builtin_db()) + { + exit(1); + } + if (!get_member_domain_sid()) { DEBUG(0,("ERROR: Samba cannot obtain PDC SID from PDC(s) %s.\n", -- cgit