From 5ebcdbae9b0eb05570613bd939af9fc827920a29 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 25 Nov 1998 23:54:30 +0000 Subject: yeehaah got users to be included in S-1-5-xxx-yyy-zzz's local groups. now need search capability on S-1-5-20, which will need argh, a "group database API" on S-1-5-20, and the ability to add BUILTIN\Admins etc to "local group map" argh. (This used to be commit a24f6eb00ba7486479cbcf7fadf5456521c56179) --- source3/groupdb/aliasunix.c | 45 ++++++++++++++++++++++++++++++------------ source3/include/proto.h | 6 +++--- source3/include/rpc_samr.h | 16 +++++++-------- source3/rpc_parse/parse_samr.c | 16 +++++++-------- source3/rpc_server/srv_samr.c | 38 +++++++++++++++++------------------ 5 files changed, 70 insertions(+), 51 deletions(-) (limited to 'source3') diff --git a/source3/groupdb/aliasunix.c b/source3/groupdb/aliasunix.c index 5c9a305780..b9d9dc6856 100644 --- a/source3/groupdb/aliasunix.c +++ b/source3/groupdb/aliasunix.c 
@@ -66,30 +66,51 @@ static BOOL setalsunixpwpos(void *vp, SMB_BIG_UINT tok) } /************************************************************************* - maps a unix group to a rid, domain sid and an nt alias name. + maps a unix group to a domain sid and an nt alias name. *************************************************************************/ -static void map_unix_als_to_nt_als(struct group *unix_als, char *nt_name, DOM_SID *sid, uint32 *rid) +static void map_unix_grp_to_nt_als(char *unix_name, + struct group *unix_grp, char *nt_name, DOM_SID *sid) { - if (map_alias_gid(unix_als->gr_gid, sid, nt_name, NULL)) + BOOL found = False; + uint32 rid; + fstring ntname; + fstring ntdomain; + + if (isdigit(unix_name[0])) + { + unix_grp->gr_gid = get_number(unix_name); + unix_grp->gr_name = unix_name; + found = map_alias_gid(unix_grp->gr_gid, sid, ntname, ntdomain); + } + else + { + unix_grp->gr_name = unix_name; + found = map_unix_alias_name(unix_grp->gr_name, sid, ntname, ntdomain); + } + + if (found) { /* * find the NT name represented by this UNIX gid. - * then, only accept NT aliases that are in our domain + * then, only accept NT aliass that are in our domain */ - sid_split_rid(sid, rid); + sid_split_rid(sid, &rid); } else { /* - * assume that the UNIX alias is an NT alias with + * assume that the UNIX group is an NT alias with * the same name. convert gid to a alias rid. */ - fstrcpy(nt_name, unix_als->gr_name); + fstrcpy(ntdomain, global_sam_name); + fstrcpy(ntname, unix_grp->gr_name); sid_copy(sid, &global_sam_sid); - (*rid) = pwdb_gid_to_alias_rid(unix_als->gr_gid); } + + slprintf(nt_name, sizeof(fstring)-1, "\\%s\\%s", + ntdomain, ntname); } /************************************************************************* 
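Review bot: In map_unix_grp_to_nt_als the test `isdigit(unix_name[0])` sends any member name that merely begins with a digit down the gid path, so a name like the constructed example `3com` would presumably be resolved through map_alias_gid with whatever get_number returns, not by name. Because this branch decides which SID a group member maps to, it should require the whole string to be numeric. The argument should also be cast, `isdigit((unsigned char)unix_name[0])`, since passing a negative char value is undefined. The non-numeric branch leaves `unix_grp->gr_gid` unset although the caller in the next hunk passes an uninitialised `struct group`; either assign a sentinel there or add a comment such as `/* gr_gid is only valid when unix_name was numeric */`.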
@@ -113,13 +134,11 @@ BOOL get_unixalias_members(struct group *als, for (i = 0; (unix_name = als->gr_mem[i]) != NULL; i++) { DOM_SID sid; - BOOL found = False; - - found = map_unix_alias_name(unix_name, &sid, nt_name, NULL); + struct group unix_grp; - found = found ? sid_equal(&sid, &global_sam_sid) : False; + map_unix_grp_to_nt_als(unix_name, &unix_grp, nt_name, &sid); - if (!found) + if (!sid_equal(&sid, &global_sam_sid)) { DEBUG(0,("alias database: could not resolve name %s in domain %s\n", unix_name, global_sam_name)); diff --git a/source3/include/proto.h b/source3/include/proto.h index a70c51f167..685248fa47 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1986,10 +1986,10 @@ void make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, uint16 switch_value, char *acct_desc, uint32 status); void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_struct *ps, int depth); -void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, int depth); -void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u, +void samr_io_q_query_useraliases(char *desc, SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth); +void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u, uint32 num_rids, uint32 *rid, uint32 status); -void samr_io_r_lookup_ids(char *desc, SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth); +void samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES *r_u, prs_struct *ps, int depth); void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth); void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, uint32 num_rids, uint32 *rid, uint8 *type, uint32 status); diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 3291436007..d373cff8c7 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h 
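Review bot: In get_unixalias_members the new `if (!sid_equal(&sid, &global_sam_sid))` check no longer rejects member names that have no mapping, because map_unix_grp_to_nt_als falls back to `sid_copy(sid, &global_sam_sid)` when nothing is found. The removed lines logged "could not resolve name" for exactly that case, so unmapped names are now silently accepted as aliases in the local SAM domain and the DEBUG(0) message fires only for names mapped into another domain. If that is intended, state it above the check, e.g. `/* unmapped names default to our own domain; only foreign-domain mappings are rejected here */`. Otherwise let the helper, which is `static void` today, return `found` and test that here as well. The loop body continues past the end of the hunk.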
@@ -80,7 +80,7 @@ SamrTestPrivateFunctionsUser #define SAMR_CLOSE_HND 0x01 #define SAMR_OPEN_DOMAIN 0x07 #define SAMR_QUERY_DOMAIN_INFO 0x08 -#define SAMR_LOOKUP_IDS 0x10 +#define SAMR_QUERY_USERALIASES 0x10 #define SAMR_LOOKUP_NAMES 0x11 #define SAMR_UNKNOWN_3 0x03 #define SAMR_QUERY_DISPINFO 0x28 @@ -760,14 +760,14 @@ typedef struct r_samr_query_user_info /**************************************************************************** -SAMR_Q_LOOKUP_IDS - do a conversion from name to RID. +SAMR_Q_QUERY_USERALIASES - do a conversion from name to RID. the policy handle allocated by an "samr open secret" call is associated with a SID. this policy handle is what is queried here, *not* the SID itself. the response to the lookup rids is relative to this SID. *****************************************************************************/ -/* SAMR_Q_LOOKUP_IDS */ -typedef struct q_samr_lookup_ids_info +/* SAMR_Q_QUERY_USERALIASES */ +typedef struct q_samr_query_useraliases_info { POLICY_HND pol; /* policy handle */ @@ -778,11 +778,11 @@ typedef struct q_samr_lookup_ids_info uint32 ptr_sid[MAX_LOOKUP_SIDS]; /* pointers to sids to be looked up */ DOM_SID2 sid [MAX_LOOKUP_SIDS]; /* sids to be looked up. */ -} SAMR_Q_LOOKUP_IDS; +} SAMR_Q_QUERY_USERALIASES; -/* SAMR_R_LOOKUP_IDS */ -typedef struct r_samr_lookup_ids_info +/* SAMR_R_QUERY_USERALIASES */ +typedef struct r_samr_query_useraliases_info { uint32 num_entries; uint32 ptr; /* undocumented buffer pointer */ @@ -792,7 +792,7 @@ typedef struct r_samr_lookup_ids_info uint32 status; /* return code */ -} SAMR_R_LOOKUP_IDS; +} SAMR_R_QUERY_USERALIASES; /**************************************************************************** diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index f4c6d75707..da13e1033b 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c 
@@ -1646,16 +1646,16 @@ void samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_str } /******************************************************************* -reads or writes a SAMR_Q_LOOKUP_IDS structure. +reads or writes a SAMR_Q_QUERY_USERALIASES structure. ********************************************************************/ -void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, int depth) +void samr_io_q_query_useraliases(char *desc, SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *ps, int depth) { fstring tmp; int i; if (q_u == NULL) return; - prs_debug(ps, depth, desc, "samr_io_q_lookup_ids"); + prs_debug(ps, depth, desc, "samr_io_q_query_useraliases"); depth++; prs_align(ps); @@ -1690,15 +1690,15 @@ void samr_io_q_lookup_ids(char *desc, SAMR_Q_LOOKUP_IDS *q_u, prs_struct *ps, i /******************************************************************* -makes a SAMR_R_LOOKUP_IDS structure. +makes a SAMR_R_QUERY_USERALIASES structure. ********************************************************************/ -void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u, +void make_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES *r_u, uint32 num_rids, uint32 *rid, uint32 status) { int i; if (r_u == NULL) return; - DEBUG(5,("make_samr_r_lookup_ids\n")); + DEBUG(5,("make_samr_r_query_useraliases\n")); if (status == 0x0) { @@ -1726,13 +1726,13 @@ void make_samr_r_lookup_ids(SAMR_R_LOOKUP_IDS *r_u, /******************************************************************* reads or writes a structure. ********************************************************************/ -void samr_io_r_lookup_ids(char *desc, SAMR_R_LOOKUP_IDS *r_u, prs_struct *ps, int depth) +void samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES *r_u, prs_struct *ps, int depth) { fstring tmp; int i; if (r_u == NULL) return; - prs_debug(ps, depth, desc, "samr_io_r_lookup_ids"); + prs_debug(ps, depth, desc, "samr_io_r_query_useraliases"); depth++; prs_align(ps); 
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index e3f2a57a95..ff782a7248 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -742,9 +742,9 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct /******************************************************************* - samr_reply_lookup_ids + samr_reply_query_useraliases ********************************************************************/ -static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, +static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, prs_struct *rdata) { uint32 rid[MAX_SAM_ENTRIES]; @@ -759,9 +759,9 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, fstring dom_sid_str; fstring usr_sid_str; - SAMR_R_LOOKUP_IDS r_u; + SAMR_R_QUERY_USERALIASES r_u; - DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); + DEBUG(5,("samr_query_useraliases: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid)) @@ -777,7 +777,7 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, if (num_rids > MAX_SAM_ENTRIES) { num_rids = MAX_SAM_ENTRIES; - DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids)); + DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids)); } if (status == 0x0) @@ -806,16 +806,16 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, { if (sid_equal(&dom_sid, &global_sid_S_1_5_20)) { - DEBUG(5,("lookup on S-1-5-20\n")); + DEBUG(10,("lookup on S-1-5-20\n")); } else if (sid_equal(&dom_sid, &usr_sid)) { - DOMAIN_GRP *mem_grp = NULL; + LOCAL_GRP *mem_grp = NULL; - DEBUG(5,("lookup on Domain SID\n")); + DEBUG(10,("lookup on Domain SID\n")); become_root(True); - getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids); + getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids); unbecome_root(True); num_rids = MIN(num_rids, MAX_SAM_ENTRIES); 
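Review bot: In samr_reply_query_useraliases (the hunk at -806) the outcome of `getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids);` is never checked, so a failed lookup can leave `mem_grp` NULL while `num_rids` still holds the earlier count, which appears to come from the request and is only clamped to MAX_SAM_ENTRIES. The code that consumes `mem_grp` lies outside the hunk, but if it indexes the array up to `num_rids` that is a NULL dereference in a client-reachable SAMR handler. A guard right after `unbecome_root(True);`, such as `if (mem_grp == NULL) { num_rids = 0; }`, keeps the reply empty in that case. It would also help to add a comment saying who frees `mem_grp`, since no release is visible in these lines.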
@@ -835,27 +835,27 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, } } - make_samr_r_lookup_ids(&r_u, num_rids, rid, status); + make_samr_r_query_useraliases(&r_u, num_rids, rid, status); /* store the response in the SMB stream */ - samr_io_r_lookup_ids("", &r_u, rdata, 0); + samr_io_r_query_useraliases("", &r_u, rdata, 0); - DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); + DEBUG(5,("samr_query_useraliases: %d\n", __LINE__)); } /******************************************************************* - api_samr_lookup_ids + api_samr_query_useraliases ********************************************************************/ -static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdata) +static void api_samr_query_useraliases( uint16 vuid, prs_struct *data, prs_struct *rdata) { - SAMR_Q_LOOKUP_IDS q_u; + SAMR_Q_QUERY_USERALIASES q_u; /* grab the samr 0x10 */ - samr_io_q_lookup_ids("", &q_u, data, 0); + samr_io_q_query_useraliases("", &q_u, data, 0); /* construct reply. always indicate success */ - samr_reply_lookup_ids(&q_u, rdata); + samr_reply_query_useraliases(&q_u, rdata); } /******************************************************************* 
@@ -1750,11 +1750,11 @@ static struct api_struct api_samr_cmds [] = { "SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users }, { "SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups }, { "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases }, - { "SAMR_LOOKUP_IDS" , SAMR_LOOKUP_IDS , api_samr_lookup_ids }, + { "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases}, { "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names }, { "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user }, { "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo }, - { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info }, + { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info }, { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups }, { "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo }, { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo }, -- cgit