From a4276507e43487f47445eab11d4ac1b080b3270e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 14 May 1998 01:30:40 +0000 Subject: chgpasswd.c: Added comments to #ifdefs ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5) --- source3/include/proto.h | 20 +- source3/include/rpc_misc.h | 4 + source3/lib/util.c | 72 ++++++- source3/lib/util_hnd.c | 29 +-- source3/lsarpcd/srv_lsa.c | 75 ++++---- source3/rpc_client/cli_samr.c | 2 +- source3/rpc_parse/parse_lsa.c | 4 +- source3/rpc_parse/parse_misc.c | 61 +----- source3/rpc_parse/parse_net.c | 6 +- source3/rpc_parse/parse_samr.c | 6 +- source3/rpc_server/srv_lsa.c | 75 ++++---- source3/rpc_server/srv_lsa_hnd.c | 29 +-- source3/rpc_server/srv_netlog.c | 402 ++++++++++++++++++++------------------- source3/rpc_server/srv_samr.c | 7 +- source3/rpc_server/srv_util.c | 117 +++++++----- source3/smbd/chgpasswd.c | 4 +- source3/smbd/ipc.c | 5 +- 17 files changed, 491 insertions(+), 427 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index e574861b65..7f7322122e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -297,8 +297,8 @@ void make_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class); void lsa_io_q_query(char *desc, LSA_Q_QUERY_INFO *q_q, prs_struct *ps, int depth); void lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct *ps, int depth); void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, - uint32 enum_context, char *domain_name, char *domain_sid, - uint32 status); + uint32 enum_context, char *domain_name, DOM_SID *domain_sid, + uint32 status); void lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth); void make_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd); void lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth); @@ -320,9 +320,8 @@ void smb_io_lookup_level(char *desc, LOOKUP_LEVEL *level, prs_struct *ps, int de uint32 get_enum_hnd(ENUM_HND *enh); void make_enum_hnd(ENUM_HND *enh, uint32 hnd); void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth); -void make_dom_sid(DOM_SID *sid, char *str_sid); void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth); -void make_dom_sid2(DOM_SID2 *sid, char *str_sid); +void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid); void smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth); void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer); void smb_io_strhdr(char *desc, STRHDR *hdr, prs_struct *ps, int depth); @@ -459,7 +458,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr, char *logon_srv, char *logon_dom, - char *dom_sid, + DOM_SID *dom_sid, char *other_sids); void net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth); void net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth); 
@@ -562,7 +561,7 @@ void make_samr_q_close_hnd(SAMR_Q_CLOSE_HND *q_c, POLICY_HND *hnd); void samr_io_q_close_hnd(char *desc, SAMR_Q_CLOSE_HND *q_u, prs_struct *ps, int depth); void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int depth); void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u, - POLICY_HND *connect_pol, uint32 rid, char *sid); + POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid); void samr_io_q_open_domain(char *desc, SAMR_Q_OPEN_DOMAIN *q_u, prs_struct *ps, int depth); void samr_io_r_open_domain(char *desc, SAMR_R_OPEN_DOMAIN *r_u, prs_struct *ps, int depth); void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, @@ -571,7 +570,7 @@ void samr_io_q_unknown_8(char *desc, SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int void make_samr_q_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, POLICY_HND *user_pol, uint16 switch_value); void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int depth); -void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid); +void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr); void sam_io_dom_sid3(char *desc, DOM_SID3 *sid3, prs_struct *ps, int depth); void make_sam_sid_stuff(SAM_SID_STUFF *stf, uint16 unknown_2, uint16 unknown_3, @@ -909,7 +908,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data); /*The following definitions come from lib/rpc/server/srv_util.c */ -int make_dom_gids(char *gids_str, DOM_GID *gids); +int make_dom_gids(char *gids_str, DOM_GID **ppgids); BOOL create_rpc_reply(pipes_struct *p, uint32 data_start, uint32 data_end); BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds, 
@@ -2043,8 +2042,6 @@ int struni2(uint16 *p, char *buf); char *unistr(char *buf); int unistrncpy(char *dst, char *src, int len); int unistrcpy(char *dst, char *src); -void fstrcpy(char *dest, char *src); -void fstrcat(char *dest, char *src); char *safe_strcpy(char *dest, char *src, int maxlength); char *safe_strcat(char *dest, char *src, int maxlength); char *align4(char *q, char *base); @@ -2053,7 +2050,8 @@ char *align_offset(char *q, char *base, int align_offset_len); void print_asc(int level, unsigned char *buf,int len); void dump_data(int level,char *buf1,int len); char *tab_depth(int depth); -char *dom_sid_to_string(DOM_SID *sid); +char *sid_to_string(pstring sidstr_out, DOM_SID *sid); +BOOL string_to_sid(DOM_SID *sidout, char *sidstr); /*The following definitions come from web/cgi.c */ diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h index c6e0d8d5ee..7406916cce 100644 --- a/source3/include/rpc_misc.h +++ b/source3/include/rpc_misc.h @@ -85,6 +85,10 @@ typedef struct sid_info uint8 sid_rev_num; /* SID revision number */ uint8 num_auths; /* number of sub-authorities */ uint8 id_auth[6]; /* Identifier Authority */ + /* + * Note that the values in these uint32's are in *native* byteorder, + * not neccessarily little-endian...... JRA. + */ uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */ } DOM_SID; diff --git a/source3/lib/util.c b/source3/lib/util.c index 1e4a6fc27f..503ee2bf81 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c 
@@ -4943,29 +4943,85 @@ char *tab_depth(int depth) } /***************************************************************** - Convert a domain SID to an ascii string. (non-reentrant). + Convert a SID to an ascii string. *****************************************************************/ -/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ -char *dom_sid_to_string(DOM_SID *sid) +char *sid_to_string(pstring sidstr_out, DOM_SID *sid) { - static pstring sidstr; char subauth[16]; int i; + /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ uint32 ia = (sid->id_auth[5]) + (sid->id_auth[4] << 8 ) + (sid->id_auth[3] << 16) + (sid->id_auth[2] << 24); - slprintf(sidstr, sizeof(sidstr) - 1, "S-%d-%d", sid->sid_rev_num, ia); + slprintf(sidstr_out, sizeof(pstring) - 1, "S-%d-%d", sid->sid_rev_num, ia); for (i = 0; i < sid->num_auths; i++) { slprintf(subauth, sizeof(subauth)-1, "-%d", sid->sub_auths[i]); - pstrcat(sidstr, subauth); + pstrcat(sidstr_out, subauth); } - DEBUG(7,("dom_sid_to_string returning %s\n", sidstr)); - return sidstr; + DEBUG(7,("sid_to_string returning %s\n", sidstr_out)); + return sidstr_out; } +/***************************************************************** + Convert a string to a SID. Returns True on success, False on fail. +*****************************************************************/ + +BOOL string_to_sid(DOM_SID *sidout, char *sidstr) +{ + pstring tok; + char *p = sidstr; + /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ + uint32 ia; + + memset((char *)sidout, '\0', sizeof(DOM_SID)); + + if(StrnCaseCmp( sidstr, "S-", 2)) { + DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr)); + return False; + } + + p += 2; + if(!next_token(&p, tok, "-")) { + DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); + return False; + } + + /* Get the revision number. 
*/ + sidout->sid_rev_num = atoi(tok); + + if(!next_token(&p, tok, "-")) { + DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr)); + return False; + } + + /* identauth in decimal should be < 2^32 */ + ia = atoi(tok); + + /* NOTE - the ia value is in big-endian format. */ + sidout->id_auth[0] = 0; + sidout->id_auth[1] = 0; + sidout->id_auth[2] = (ia & 0xff000000) >> 24; + sidout->id_auth[3] = (ia & 0x00ff0000) >> 16; + sidout->id_auth[4] = (ia & 0x0000ff00) >> 8; + sidout->id_auth[5] = (ia & 0x000000ff); + + sidout->num_auths = 0; + + while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) { + /* + * NOTE - the subauths are in native machine-endian format. They + * are converted to little-endian when linearized onto the wire. + */ + sidout->sub_auths[sidout->num_auths++] = atoi(tok); + } + + DEBUG(7,("string_to_sid: converted SID %s ok\n", sidstr)); + + return True; +} diff --git a/source3/lib/util_hnd.c b/source3/lib/util_hnd.c index 1d1341d16e..91844ee8a2 100644 --- a/source3/lib/util_hnd.c +++ b/source3/lib/util_hnd.c 
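Review bot: string_to_sid() accepts strings it cannot represent: every field is read with `atoi()`, which reports no error and is undefined for values above INT_MAX although sub-authorities are uint32, and the sub-authority loop stops silently at MAXSUBAUTHS and still returns True. A malformed or over-long SID string is therefore turned into a different, valid-looking SID, which matters because the result is used as a security identifier. Each token should be parsed with `strtoul()`, rejecting empty, non-numeric and out-of-range values, and the function should return False when more than MAXSUBAUTHS sub-authorities are present; the revision and identauth tokens need the same treatment. In sid_to_string() the uint32 values are printed with `%d`, so a sub-authority of 2^31 or more comes out negative and the string no longer round-trips; `%u` avoids that. The header comment should also say that the caller must pass a full pstring, since the size is taken from `sizeof(pstring)` and not from the argument.

```c
	/* … unchanged: "S-" prefix check, revision and identauth tokens … */

	sidout->num_auths = 0;

	while(next_token(&p, tok, "-")) {
		char *end;
		unsigned long sa;

		if(sidout->num_auths >= MAXSUBAUTHS) {
			DEBUG(0,("string_to_sid: Sid %s has too many sub-authorities.\n", sidstr));
			return False;
		}

		errno = 0;
		sa = strtoul(tok, &end, 10);
		if(end == tok || *end != '\0' || errno == ERANGE || sa > 0xffffffffUL) {
			DEBUG(0,("string_to_sid: Sid %s has a bad sub-authority.\n", sidstr));
			return False;
		}

		sidout->sub_auths[sidout->num_auths++] = (uint32)sa;
	}

	/* … unchanged: debug message and return True … */
```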
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status) ****************************************************************************/ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) { - int pnum = find_lsa_policy_by_hnd(hnd); + pstring sidstr; + int pnum = find_lsa_policy_by_hnd(hnd); - if (OPEN_POL(pnum)) - { - DEBUG(3,("%s Setting policy sid=%s pnum=%x\n", - timestring(), dom_sid_to_string(sid), pnum)); + if (OPEN_POL(pnum)) + { + DEBUG(3,("%s Setting policy sid=%s pnum=%x\n", + timestring(), sid_to_string(sidstr, sid), pnum)); - memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid)); - return True; - } - else - { - DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n", - timestring(), dom_sid_to_string(sid), pnum)); - return False; - } + memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid)); + return True; + } + else + { + DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n", + timestring(), sid_to_string(sidstr, sid), pnum)); + return False; + } } /**************************************************************************** diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 60b74cf599..df4b95db9e 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -6,7 +6,8 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * + * Copyright (C) Jeremy Allison 1998. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or 
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata) /*************************************************************************** make_dom_query ***************************************************************************/ -static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid) +static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) { int domlen = strlen(dom_name); @@ -73,7 +74,7 @@ lsa_reply_query_info ***************************************************************************/ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct *rdata, - uint32 enum_context, char *dom_name, char *dom_sid) + uint32 enum_context, char *dom_name, DOM_SID *dom_sid) { LSA_R_ENUM_TRUST_DOM r_e; @@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e, lsa_reply_query_info ***************************************************************************/ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, - char *dom_name, char *dom_sid) + char *dom_name, DOM_SID *dom_sid) { LSA_R_QUERY_INFO r_q; @@ -112,14 +113,10 @@ make_dom_ref pretty much hard-coded choice of "other" sids, unfortunately... ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) +static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { int len_dom_name = strlen(dom_name); - int len_other_sid1 = strlen(other_sid1); - int len_other_sid2 = strlen(other_sid2); - int len_other_sid3 = strlen(other_sid3); ref->undoc_buffer = 1; ref->num_ref_doms_1 = 4; 
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref, ref->num_ref_doms_2 = 4; make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0); - make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0); - make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0); - make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0); + make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0); if (dom_name != NULL) { @@ -148,8 +145,8 @@ make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { int i; @@ -232,8 +229,8 @@ lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -254,8 +251,8 @@ lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { LSA_R_LOOKUP_RIDS r_l; 
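Review bot: The three `hdr_ref_dom[]` headers now get `sizeof(DOM_SID)` as both maximum and actual length, but they are string headers built with make_uni_hdr2 like `hdr_dom_name`, and the size of the in-memory struct is neither a character count nor the marshalled size of a SID, which depends on num_auths. If the referenced-domain entries filled in further down (outside this hunk) are shorter than that, the reply advertises more data than was stored. To keep the previous wire values, convert each SID with `sid_to_string(sidstr, other_sid1)` and pass `strlen(sidstr)` as before; the same lines appear in the source3/rpc_server/srv_lsa.c copy of this hunk. Separately, `int len_dom_name = strlen(dom_name);` at the top of make_dom_ref runs before the `if (dom_name != NULL)` test, so that test cannot protect it.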
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data, { LSA_Q_QUERY_INFO q_i; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + string_to_sid(&dom_sid, lp_domain_sid()); /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid); + lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid); } /*************************************************************************** @@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data, { LSA_Q_LOOKUP_SIDS q_l; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; + DOM_SID sid_S_1_1; + DOM_SID sid_S_1_3; + DOM_SID sid_S_1_5; /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + + string_to_sid(&dom_sid , lp_domain_sid()); + string_to_sid(&sid_S_1_1, "S-1-1"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); /* construct reply. return status is always 0x0 */ lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - dom_name, dom_sid, /* domain name, domain SID */ - "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */ + q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ + dom_name, &dom_sid, /* domain name, domain SID */ + &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ } /*************************************************************************** @@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, int i; LSA_Q_LOOKUP_RIDS q_l; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; + DOM_SID sid_S_1_1; + DOM_SID sid_S_1_3; + DOM_SID sid_S_1_5; uint32 dom_rids[MAX_LOOKUP_SIDS]; uint32 dummy_g_rid; 
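Review bot: The result of `string_to_sid(&dom_sid, lp_domain_sid())` in api_lsa_query_info is discarded, so a missing or malformed configured domain SID yields a zeroed or partly filled DOM_SID that is then returned to the client as the domain SID. string_to_sid() returns False for exactly this case; test it, e.g. `if (!string_to_sid(&dom_sid, lp_domain_sid())) { DEBUG(0,("api_lsa_query_info: invalid domain sid\n")); return; }`, with the error path adapted to however this handler reports failure outside the hunk. The same unchecked call is in api_lsa_lookup_sids and api_lsa_lookup_names (both copies of srv_lsa.c), in make_dom_sid2s in parse_net.c, where a bad token still increments the count, and in make_dom_sid3 in parse_samr.c, where `len` is then computed from the unvalidated num_auths.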
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, lsa_io_q_lookup_rids("", &q_l, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + + string_to_sid(&dom_sid , lp_domain_sid()); + string_to_sid(&sid_S_1_1, "S-1-1"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) @@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - dom_name, dom_sid, /* domain name, domain SID */ - "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */ + q_l.num_entries, dom_rids, /* text-converted SIDs */ + dom_name, &dom_sid, /* domain name, domain SID */ + &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ } /*************************************************************************** diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 7a04d8ec35..7089cd09fa 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -362,7 +362,7 @@ BOOL do_samr_open_user(struct cli_state *cli, int t_idx, uint16 fnum, do a SAMR Open Domain ****************************************************************************/ BOOL do_samr_open_domain(struct cli_state *cli, int t_idx, uint16 fnum, - POLICY_HND *connect_pol, uint32 rid, char *sid, + POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid, POLICY_HND *domain_pol) { prs_struct data; diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 202c3b6da3..6bd916ed32 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c 
@@ -247,8 +247,8 @@ void lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct makes an LSA_R_ENUM_TRUST_DOM structure. ********************************************************************/ void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, - uint32 enum_context, char *domain_name, char *domain_sid, - uint32 status) + uint32 enum_context, char *domain_name, DOM_SID *domain_sid, + uint32 status) { if (r_e == NULL) return; diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index b46bcd9f89..35ca6c9553 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c 
@@ -115,61 +115,6 @@ void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth) } } -/******************************************************************* -creates a DOM_SID structure. - -BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 -identauth >= 2^32 can be detected because it will be specified in hex - -********************************************************************/ -void make_dom_sid(DOM_SID *sid, char *str_sid) -{ - pstring domsid; - int identauth; - char *p; - - if (sid == NULL) return; - - if (domsid == NULL) - { - DEBUG(4,("netlogon domain SID: none\n")); - sid->sid_rev_num = 0; - sid->num_auths = 0; - return; - } - - pstrcpy(domsid, str_sid); - - DEBUG(4,("make_dom_sid %d SID: %s\n", __LINE__, domsid)); - - /* assume, but should check, that domsid starts "S-" */ - p = strtok(domsid+2,"-"); - sid->sid_rev_num = atoi(p); - - /* identauth in decimal should be < 2^32 */ - /* identauth in hex should be >= 2^32 */ - identauth = atoi(strtok(0,"-")); - - DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num)); - DEBUG(4,("netlogon %s ia %d\n", p, identauth)); - - sid->id_auth[0] = 0; - sid->id_auth[1] = 0; - sid->id_auth[2] = (identauth & 0xff000000) >> 24; - sid->id_auth[3] = (identauth & 0x00ff0000) >> 16; - sid->id_auth[4] = (identauth & 0x0000ff00) >> 8; - sid->id_auth[5] = (identauth & 0x000000ff); - - sid->num_auths = 0; - - while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS) - { - sid->sub_auths[sid->num_auths++] = atoi(p); - } - - DEBUG(4,("make_dom_sid: %d SID: %s\n", __LINE__, domsid)); -} - /******************************************************************* reads or writes a DOM_SID structure. ********************************************************************/ 
@@ -203,10 +148,10 @@ void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth) /******************************************************************* creates a DOM_SID2 structure. ********************************************************************/ -void make_dom_sid2(DOM_SID2 *sid, char *str_sid) +void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid) { - make_dom_sid(&(sid->sid), str_sid); - sid->num_auths = sid->sid.num_auths; + sid2->sid = *sid; + sid2->num_auths = sid2->sid.num_auths; } /******************************************************************* diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index c74ace8d63..fd9f7255de 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -560,7 +560,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids) for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++) { - make_dom_sid2(&sids[count], s2); + DOM_SID tmpsid; + string_to_sid(&tmpsid, s2); + make_dom_sid2(&sids[count], &tmpsid); } return count; @@ -908,7 +910,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr, char *logon_srv, char *logon_dom, - char *dom_sid, + DOM_SID *dom_sid, char *other_sids) { /* only cope with one "other" sid, right now. */ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 44248bfc64..09c47ab25a 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -78,7 +78,7 @@ void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int reads or writes a structure. ********************************************************************/ void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u, - POLICY_HND *connect_pol, uint32 rid, char *sid) + POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid) { if (q_u == NULL) return; 
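Review bot: make_dom_sid2() now dereferences both `sid2` and `sid` unconditionally, whereas the make_dom_sid() it used to call returned early on a NULL target and the neighbouring helpers touched by this commit (make_r_enum_trust_dom, make_samr_q_open_domain, make_dom_sid3) keep that guard. Add `if (sid2 == NULL || sid == NULL) return;` before the struct copy so the helper stays consistent with them. The copy also takes `num_auths` from the source SID without comparing it with MAXSUBAUTHS; whether callers can pass a SID read off the wire is not visible here, so that bound is worth enforcing where such SIDs are parsed.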
@@ -204,11 +204,11 @@ void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int calculate length by adding up the size of the components. ********************************************************************/ -void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid) +void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr) { if (sid3 == NULL) return; - make_dom_sid(&(sid3->sid), sid); + string_to_sid(&(sid3->sid), sidstr); sid3->len = 2 + 8 + sid3->sid.num_auths * 4; } diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 60b74cf599..df4b95db9e 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -6,7 +6,8 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * + * Copyright (C) Jeremy Allison 1998. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata) /*************************************************************************** make_dom_query ***************************************************************************/ -static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid) +static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) { int domlen = strlen(dom_name); @@ -73,7 +74,7 @@ lsa_reply_query_info ***************************************************************************/ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct *rdata, - uint32 enum_context, char *dom_name, char *dom_sid) + uint32 enum_context, char *dom_name, DOM_SID *dom_sid) { LSA_R_ENUM_TRUST_DOM r_e; 
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e, lsa_reply_query_info ***************************************************************************/ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, - char *dom_name, char *dom_sid) + char *dom_name, DOM_SID *dom_sid) { LSA_R_QUERY_INFO r_q; @@ -112,14 +113,10 @@ make_dom_ref pretty much hard-coded choice of "other" sids, unfortunately... ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) +static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { int len_dom_name = strlen(dom_name); - int len_other_sid1 = strlen(other_sid1); - int len_other_sid2 = strlen(other_sid2); - int len_other_sid3 = strlen(other_sid3); ref->undoc_buffer = 1; ref->num_ref_doms_1 = 4; @@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref, ref->num_ref_doms_2 = 4; make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0); - make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0); - make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0); - make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0); + make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0); + make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0); if (dom_name != NULL) { 
@@ -148,8 +145,8 @@ make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { int i; @@ -232,8 +229,8 @@ lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -254,8 +251,8 @@ lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - char *dom_name, char *dom_sid, - char *other_sid1, char *other_sid2, char *other_sid3) + char *dom_name, DOM_SID *dom_sid, + DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3) { LSA_R_LOOKUP_RIDS r_l; @@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data, { LSA_Q_QUERY_INFO q_i; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + string_to_sid(&dom_sid, lp_domain_sid()); /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid); + lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid); } /*************************************************************************** 
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data, { LSA_Q_LOOKUP_SIDS q_l; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; + DOM_SID sid_S_1_1; + DOM_SID sid_S_1_3; + DOM_SID sid_S_1_5; /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + + string_to_sid(&dom_sid , lp_domain_sid()); + string_to_sid(&sid_S_1_1, "S-1-1"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); /* construct reply. return status is always 0x0 */ lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - dom_name, dom_sid, /* domain name, domain SID */ - "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */ + q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ + dom_name, &dom_sid, /* domain name, domain SID */ + &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ } /*************************************************************************** @@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, int i; LSA_Q_LOOKUP_RIDS q_l; pstring dom_name; - pstring dom_sid; + DOM_SID dom_sid; + DOM_SID sid_S_1_1; + DOM_SID sid_S_1_3; + DOM_SID sid_S_1_5; uint32 dom_rids[MAX_LOOKUP_SIDS]; uint32 dummy_g_rid; @@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, lsa_io_q_lookup_rids("", &q_l, data, 0); pstrcpy(dom_name, lp_workgroup()); - pstrcpy(dom_sid , lp_domain_sid()); + + string_to_sid(&dom_sid , lp_domain_sid()); + string_to_sid(&sid_S_1_1, "S-1-1"); + string_to_sid(&sid_S_1_3, "S-1-3"); + string_to_sid(&sid_S_1_5, "S-1-5"); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) 
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - dom_name, dom_sid, /* domain name, domain SID */ - "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */ + q_l.num_entries, dom_rids, /* text-converted SIDs */ + dom_name, &dom_sid, /* domain name, domain SID */ + &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */ } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index 1d1341d16e..91844ee8a2 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status) ****************************************************************************/ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) { - int pnum = find_lsa_policy_by_hnd(hnd); + pstring sidstr; + int pnum = find_lsa_policy_by_hnd(hnd); - if (OPEN_POL(pnum)) - { - DEBUG(3,("%s Setting policy sid=%s pnum=%x\n", - timestring(), dom_sid_to_string(sid), pnum)); + if (OPEN_POL(pnum)) + { + DEBUG(3,("%s Setting policy sid=%s pnum=%x\n", + timestring(), sid_to_string(sidstr, sid), pnum)); - memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid)); - return True; - } - else - { - DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n", - timestring(), dom_sid_to_string(sid), pnum)); - return False; - } + memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid)); + return True; + } + else + { + DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n", + timestring(), sid_to_string(sidstr, sid), pnum)); + return False; + } } /**************************************************************************** diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 958f0bf14d..edc2d859df 100644 
--- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -6,7 +6,8 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * + * Copyright (C) Jeremy Allison 1998. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or 
@@ -563,200 +564,213 @@ static void api_net_sam_logon( int uid, prs_struct *data, prs_struct *rdata) { - NET_Q_SAM_LOGON q_l; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 usr_info; - uint32 status = 0x0; - DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - UNISTR2 *uni_samlogon_user = NULL; - - user_struct *vuser = NULL; - - if ((vuser = get_valid_user_struct(uid)) == NULL) return; - - q_l.sam_id.ctr = &ctr; - - net_io_q_sam_logon("", &q_l, data, 0); - - /* checks and updates credentials. creates reply credentials */ - if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), - &(q_l.sam_id.client.cred), &srv_cred)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - else - { - memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); - } - - /* find the username */ - - if (status == 0x0) - { - switch (q_l.sam_id.logon_level) - { - case 1: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", - lp_workgroup())); - break; - } - case 2: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", - lp_workgroup())); - break; - } - default: - { - DEBUG(2,("SAM Logon: unsupported switch value\n")); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - break; - } - } - } - - /* check username exists */ - - if (status == 0x0) - { - pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, - uni_samlogon_user->uni_str_len)); - - DEBUG(3,("User:[%s]\n", samlogon_user)); - - become_root(True); - smb_pass = getsampwnam(samlogon_user); - unbecome_root(True); - - if (smb_pass == NULL) - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - } - - /* validate password. */ - - if (status == 0x0) - { - switch (q_l.sam_id.logon_level) - { - case 1: - { - /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, - smb_pass, vuser); - break; - } - case 2: - { - /* network login. 
lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, - smb_pass, vuser); - break; - } - } - } + NET_Q_SAM_LOGON q_l; + NET_ID_INFO_CTR ctr; + NET_USER_INFO_3 usr_info; + uint32 status = 0x0; + DOM_CRED srv_cred; + struct smb_passwd *smb_pass = NULL; + UNISTR2 *uni_samlogon_user = NULL; + + user_struct *vuser = NULL; + + if ((vuser = get_valid_user_struct(uid)) == NULL) + return; + + q_l.sam_id.ctr = &ctr; + + net_io_q_sam_logon("", &q_l, data, 0); + + /* checks and updates credentials. creates reply credentials */ + if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), + &(q_l.sam_id.client.cred), &srv_cred)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); + } + + /* find the username */ + + if (status == 0) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); + + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + break; + } + case NET_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); + + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + break; + } + default: + { + DEBUG(2,("SAM Logon: unsupported switch value\n")); + status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; + break; + } + } /* end switch */ + } /* end if status == 0 */ + + /* check username exists */ + + if (status == 0) + { + pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, + uni_samlogon_user->uni_str_len)); + + DEBUG(3,("User:[%s]\n", samlogon_user)); + + become_root(True); + smb_pass = getsampwnam(samlogon_user); + unbecome_root(True); + + if (smb_pass == NULL) + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + } + + /* validate password. */ + + if (status == 0) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + /* interactive login. 
*/ + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + break; + } + case NET_LOGON_TYPE: + { + /* network login. lm challenge and 24 byte responses */ + status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + break; + } + } + } - /* lkclXXXX this is the point at which, if the login was - successful, that the SAM Local Security Authority should - record that the user is logged in to the domain. - */ - - /* return the profile plus other bits :-) */ - - if (status == 0x0) - { - DOM_GID gids[LSA_MAX_GROUPS]; - int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; - pstring domain_groups; - pstring dom_sid; - pstring other_sids; - uint32 r_uid; - uint32 r_gid; - - /* set up pointer indicating user/password failed to be found */ - usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - pstrcpy(logon_script, lp_logon_script ()); - pstrcpy(profile_path, lp_logon_path ()); - pstrcpy(dom_sid , lp_domain_sid ()); - pstrcpy(other_sids , lp_domain_other_sids()); - pstrcpy(my_workgroup, lp_workgroup ()); - - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - - pstrcpy(my_name , global_myname ); - strupper(my_name); - - get_domain_user_groups(domain_groups, samlogon_user); - - num_gids = make_dom_gids(domain_groups, gids); - - sam_logon_in_ssb = False; - - if (name_to_rid(samlogon_user, &r_uid, &r_gid)) - { - make_net_user_info3(&usr_info, - - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - samlogon_user , /* 
user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - dom_sid, /* char *dom_sid */ - other_sids); /* char *other_sids */ - } - else - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - } - - net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); + /* lkclXXXX this is the point at which, if the login was + successful, that the SAM Local Security Authority should + record that the user is logged in to the domain. + */ + + /* return the profile plus other bits :-) */ + + if (status == 0) + { + DOM_GID *gids = NULL; + int num_gids = 0; + NTTIME dummy_time; + pstring logon_script; + pstring profile_path; + pstring home_dir; + pstring home_drive; + pstring my_name; + pstring my_workgroup; + pstring domain_groups; + DOM_SID dom_sid; + char *other_sids; + uint32 r_uid; + uint32 r_gid; + + /* set up pointer indicating user/password failed to be found */ + usr_info.ptr_user_info = 0; + + dummy_time.low = 0xffffffff; + dummy_time.high = 0x7fffffff; + + /* XXXX hack to get standard_sub_basic() to use sam logon username */ + /* possibly a better way would be to do a become_user() call */ + sam_logon_in_ssb = True; + + pstrcpy(logon_script, lp_logon_script()); + pstrcpy(profile_path, lp_logon_path()); + string_to_sid(&dom_sid, lp_domain_sid()); + + pstrcpy(other_sids, lp_domain_other_sids()); + pstrcpy(my_workgroup, lp_workgroup()); + + pstrcpy(home_drive, lp_logon_drive()); + pstrcpy(home_dir, lp_logon_home()); + + pstrcpy(my_name, global_myname); + strupper(my_name); + + /* + * This is the point at which we get the group + * 
database - we should be getting the gid_t list + * from /etc/group and then turning the uids into + * rids and then into machine sids for this user. + * JRA. + */ + + get_domain_user_groups(domain_groups, samlogon_user); + + /* + * make_dom_gids allocates the gids array. JRA. + */ + gids = NULL; + num_gids = make_dom_gids(domain_groups, &gids); + + sam_logon_in_ssb = False; + + if (name_to_rid(samlogon_user, &r_uid, &r_gid)) + { + make_net_user_info3(&usr_info, + &dummy_time, /* logon_time */ + &dummy_time, /* logoff_time */ + &dummy_time, /* kickoff_time */ + &dummy_time, /* pass_last_set_time */ + &dummy_time, /* pass_can_change_time */ + &dummy_time, /* pass_must_change_time */ + + samlogon_user , /* user_name */ + vuser->real_name, /* full_name */ + logon_script , /* logon_script */ + profile_path , /* profile_path */ + home_dir , /* home_dir */ + home_drive , /* dir_drive */ + + 0, /* logon_count */ + 0, /* bad_pw_count */ + + r_uid , /* RID user_id */ + r_gid , /* RID group_id */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + + NULL, /* char sess_key[16] */ + + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + + &dom_sid, /* DOM_SID *dom_sid */ + other_sids); /* char *other_sids */ + } + else + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + + /* Free any allocated groups array. */ + if(gids) + free((char *)gids); + } + + net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 6f834e454a..8070336f87 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -1018,7 +1018,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, uint32 status = 0x0; struct smb_passwd *smb_pass; - DOM_GID gids[LSA_MAX_GROUPS]; + DOM_GID *gids = NULL; int num_groups = 0; int pol_idx; uint32 rid; 
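Review bot: In api_net_sam_logon the local changes from `pstring other_sids;` to `char *other_sids;`, but the new code still does `pstrcpy(other_sids, lp_domain_other_sids());`, so the copy writes through an uninitialised pointer on every successful logon. The parameter type in make_net_user_info3 is still `char *other_sids`, so the buffer can stay as it was: restore `pstring other_sids;` and leave the pstrcpy and the call unchanged. Separately, the whole function body is re-indented in the same hunk, which makes this one-line type change easy to miss; splitting whitespace-only changes into their own commit would help review.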
@@ -1053,7 +1053,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, { pstring groups; get_domain_user_groups(groups, smb_pass->smb_name); - num_groups = make_dom_gids(groups, gids); + gids = NULL; + num_groups = make_dom_gids(groups, &gids); } /* construct the response. lkclXXXX: gids are not copied! */ @@ -1062,6 +1063,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, /* store the response in the SMB stream */ samr_io_r_query_usergroups("", &r_u, rdata, 0); + if(gids) + free((char *)gids); DEBUG(5,("samr_query_usergroups: %d\n", __LINE__)); } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index e842e3b9f9..204a9eac8e 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c 
@@ -79,57 +79,74 @@ rid_name domain_group_rids[] = }; -int make_dom_gids(char *gids_str, DOM_GID *gids) +int make_dom_gids(char *gids_str, DOM_GID **ppgids) { - char *ptr; - pstring s2; - int count; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) return 0; - - for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr(s2,'/'); - if (attr) *attr++ = 0; - if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; domain_alias_rids[i].name != NULL; i++) - { - if (strequal(domain_alias_rids[i].name, s2)) - { - rid = domain_alias_rids[i].rid; - break; - } - } - - if (rid == 0) rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", - s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", - gids[count].g_rid, - gids[count].attr)); - } - } - - return count; + char *ptr; + pstring s2; + int count; + DOM_GID *gids; + + *ppgids = NULL; + + DEBUG(4,("make_dom_gids: %s\n", gids_str)); + + if (gids_str == NULL || *gids_str == 0) + return 0; + + for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++) + ; + + gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); + if(!gids) + { + DEBUG(0,("make_dom_gids: malloc fail !\n")); + return 0; + } + + for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && + count < LSA_MAX_GROUPS; count++) + { + /* the entries are of the form GID/ATTR, ATTR being optional.*/ + char *attr; + uint32 rid = 0; + int i; + + attr = strchr(s2,'/'); + if (attr) + *attr++ = 0; + + if (!attr || !*attr) + attr = "7"; /* default value for attribute is 7 */ + + /* look up the RID string and see if we can turn it 
into a rid number */ + for (i = 0; domain_alias_rids[i].name != NULL; i++) + { + if (strequal(domain_alias_rids[i].name, s2)) + { + rid = domain_alias_rids[i].rid; + break; + } + } + + if (rid == 0) + rid = atoi(s2); + + if (rid == 0) + { + DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); + count--; + } + else + { + gids[count].g_rid = rid; + gids[count].attr = atoi(attr); + + DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); + } + } + + *ppgids = gids; + return count; } /******************************************************************* diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index d900b54c1f..ece3107257 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -427,13 +427,13 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root) return(chat_with_program(passwordprogram,name,chatsequence, as_root)); } -#else +#else /* ALLOW_CHANGE_PASSWORD */ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root) { DEBUG(0,("Password changing not compiled in (user=%s)\n",name)); return(False); } -#endif +#endif /* ALLOW_CHANGE_PASSWORD */ /*********************************************************** Code to check the lanman hashed password. diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 7b82894c7f..132fdb30ef 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1677,6 +1677,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstring new_passwd; struct smb_passwd *sampw = NULL; char *p = param + 2; + int ret = True; *rparam_len = 2; *rparam = REALLOC(*rparam,*rparam_len); 
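Review bot: In make_dom_gids the sizing loop counts every token while the fill loop stops at LSA_MAX_GROUPS, and the count goes to `malloc(sizeof(DOM_GID) * count)` without a zero check. If gids_str is non-empty but yields no tokens, `malloc(0)` may return NULL and the function logs "malloc fail" at level 0 for what is really an empty list. Adding `if (count == 0) return 0;` and `if (count > LSA_MAX_GROUPS) count = LSA_MAX_GROUPS;` before the allocation makes the two loops agree and bounds the allocation. The function also needs a header comment stating that `*ppgids` is set to NULL when there are no groups or the allocation fails, and otherwise points to a malloc'ed array that the caller must free. The two callers touched by this commit already rely on that contract.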
@@ -1718,9 +1719,9 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat */ if(lp_unix_password_sync()) - chgpasswd(user,"", new_passwd, True); + ret = chgpasswd(user,"", new_passwd, True); - if(change_oem_password( sampw, new_passwd, False)) { + if(ret && change_oem_password( sampw, new_passwd, False)) { SSVAL(*rparam,0,NERR_Success); } -- cgit
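Review bot: When `chgpasswd()` returns False here the SAM password change is skipped, but nothing at this call site records why, and the reason for gating `change_oem_password()` on `ret` is not documented. On a build that compiles the `#else /* ALLOW_CHANGE_PASSWORD */` stub shown in the chgpasswd.c hunk, chgpasswd always returns False, so with lp_unix_password_sync() enabled every request through api_SamOEMChangePassword will now be refused. A comment such as `/* Refuse the SMB change if the UNIX change failed, so the two password stores cannot diverge. */` and a DEBUG line on the failure path would make that intent explicit. `ret` is declared in the previous hunk as `int ret = True;`; `BOOL ret = True;` would match the return type of chgpasswd. The function starts and ends outside this hunk.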