#include "db_wrap.h"
-/*
- This is a bad temporary hack until we have at least some kind of schema
- support
-*/
-static char *ldb_hexstr(TALLOC_CTX *mem_ctx, uint32_t val)
-{
- return talloc_asprintf(mem_ctx, "0x%.8x", val);
-}
-
/*
samr_Connect
static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
struct samr_DomInfo2 *info)
{
- const char * const dom_attrs[] = { "comment", NULL };
+ const char * const dom_attrs[] = { "comment", "forceLogoff", NULL };
int ret;
struct ldb_message **dom_msgs;
const char *domain_name;
}
domain_name = state->domain_name;
- /* where is this supposed to come from? is it settable? */
- info->force_logoff_time = 0x8000000000000000LL;
+
+ info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff",
+ 0x8000000000000000LL);
info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL);
info->domain_name.string = domain_name;
TALLOC_CTX *mem_ctx,
struct samr_DomInfo3 *info)
{
- /* where is this supposed to come from? is it settable? */
- info->force_logoff_time = 0x8000000000000000LL;
+ const char * const dom_attrs[] = { "comment", "forceLogoff", NULL };
+ int ret;
+ struct ldb_message **dom_msgs;
+
+ ret = gendb_search_dn(state->sam_ctx, mem_ctx,
+ state->domain_dn, &dom_msgs, dom_attrs);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ info->force_logoff_time = ldb_msg_find_uint64(dom_msgs[0], "forceLogoff",
+ 0x8000000000000000LL);
return NT_STATUS_OK;
}
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
d_state->domain_sid,
- "(&(grouptype=%s)(objectclass=group))",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ "(&(grouptype=%d)(objectclass=group))",
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", alias_name);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
- samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "groupType", "0x80000004");
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "groupType", 0x80000004);
/* create the alias */
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
d_state->domain_dn,
&res, attrs,
d_state->domain_sid,
- "(&(|(grouptype=%s)(grouptype=%s)))"
+ "(&(|(grouptype=%d)(grouptype=%d)))"
"(objectclass=group))",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
const char * const attrs[2] = { "objectSid", NULL };
filter = talloc_asprintf(mem_ctx,
- "(&(|(grouptype=%s)(grouptype=%s))"
+ "(&(|(grouptype=%d)(grouptype=%d))"
"(objectclass=group)(|",
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (filter == NULL)
return NT_STATUS_NO_MEMORY;
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
- "(grouptype=%s))",
+ "(grouptype=%d))",
ldap_encode_ndr_dom_sid(mem_ctx, sid),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
ret = gendb_search(d_state->sam_ctx,
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
- "(|(grouptype=%s)(grouptype=%s)))",
+ "(|(grouptype=%d)(grouptype=%d)))",
ldap_encode_ndr_dom_sid(mem_ctx, sid),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (ret == 0) {
return NT_STATUS_NO_SUCH_ALIAS;
}
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res,
attrs, d_state->domain_sid,
- "(&(member=%s)(grouptype=%s)(objectclass=group))",
+ "(&(member=%s)(grouptype=%d)(objectclass=group))",
ldb_dn_linearize(mem_ctx, a_state->account_dn),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
case 1:
case 4:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
- "(sAMAccountType=%s))",
- ldb_hexstr(mem_ctx,
- ATYPE_NORMAL_ACCOUNT));
+ "(sAMAccountType=%u))",
+ ATYPE_NORMAL_ACCOUNT);
break;
case 2:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
- "(sAMAccountType=%s))",
- ldb_hexstr(mem_ctx,
- ATYPE_WORKSTATION_TRUST));
+ "(sAMAccountType=%u))",
+ ATYPE_WORKSTATION_TRUST);
break;
case 3:
case 5:
- filter = talloc_asprintf(mem_ctx, "(&(grouptype=%s)"
+ filter = talloc_asprintf(mem_ctx, "(&(grouptype=%d)"
"(objectclass=group))",
- ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP));
+ GTYPE_SECURITY_GLOBAL_GROUP);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
d_state->domain_dn, &res, attrs,
d_state->domain_sid,
"(&(member=%s)(objectClass=group)"
- "(|(groupType=%s)(groupType=%s)))",
+ "(|(groupType=%d)(groupType=%d)))",
memberdn,
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
- ldb_hexstr(mem_ctx,
- GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
+ GTYPE_SECURITY_BUILTIN_LOCAL_GROUP,
+ GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
dc: ${RDN_DC}
objectGUID: ${DOMAINGUID}
creationTime: ${NTTIME}
-forceLogoff: 0x8000000000000000
+forceLogoff: 9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
description: Default container for upgraded user accounts
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
allowedChildClassesEffective: user
description: Default container for upgraded computer accounts
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Default container for domain controllers
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains
instanceType: 4
showInAdvancedViewOnly: FALSE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Builtin system settings
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
cn: RID Manager$
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: Infrastructure
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: Builtin
instanceType: 4
showInAdvancedViewOnly: FALSE
-forceLogoff: 0x8000000000000000
+forceLogoff: 9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
cn: Partitions
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x80000000
+systemFlags: 2147483648
objectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,${BASEDN}
msDS-Behavior-Version: 0
fSMORoleOwner: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: Enterprise Configuration
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000001
+systemFlags: 1
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Configuration,${BASEDN}
dnsRoot: ${DNSDOMAIN}
cn: Enterprise Schema
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000001
+systemFlags: 1
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: CN=Schema,CN=Configuration,${BASEDN}
dnsRoot: ${DNSDOMAIN}
cn: ${DOMAIN}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x00000003
+systemFlags: 3
objectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,${BASEDN}
nCName: ${BASEDN}
nETBIOSName: ${DOMAIN}
cn: Sites
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: ${DEFAULTSITE}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Site,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: Servers
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x82000000
+systemFlags: 2181038080
objectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,CN=Configuration,${BASEDN}
cn: ${NETBIOSNAME}
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x52000000
+systemFlags: 1375731712
objectCategory: CN=Server,CN=Schema,CN=Configuration,${BASEDN}
dNSHostName: ${DNSNAME}
serverReference: CN=${NETBIOSNAME},OU=Domain Controllers,${BASEDN}
cn: NTDS Settings
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x02000000
+systemFlags: 33554432
objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,${BASEDN}
dMDLocation: CN=Schema,CN=Configuration,${BASEDN}
objectGUID: ${INVOCATIONID}
cn: Services
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x80000000
+systemFlags: 2147483648
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
description: Container for SAM account templates
instanceType: 4
showInAdvancedViewOnly: TRUE
-systemFlags: 0x8c000000
+systemFlags: 2348810240
objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectClass: userTemplate
cn: TemplateUser
instanceType: 4
-userAccountControl: 0x202
+userAccountControl: 514
badPwdCount: 0
codePage: 0
countryCode: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000000
+sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=TemplateComputer,CN=Templates,${BASEDN}
objectClass: userTemplate
cn: TemplateComputer
instanceType: 4
-userAccountControl: 0x1002
+userAccountControl: 4098
badPwdCount: 0
codePage: 0
countryCode: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000001
+sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
dn: CN=TemplateTrustingDomain,CN=Templates,${BASEDN}
objectClass: userTemplate
cn: TemplateTrustingDomain
instanceType: 4
-userAccountControl: 0x820
+userAccountControl: 2080
badPwdCount: 0
codePage: 0
countryCode: 0
primaryGroupID: 513
accountExpires: -1
logonCount: 0
-sAMAccountType: 0x30000002
+sAMAccountType: 805306370
dn: CN=TemplateGroup,CN=Templates,${BASEDN}
objectClass: top
objectClass: groupTemplate
cn: TemplateGroup
instanceType: 4
-groupType: 0x80000002
-sAMAccountType: 0x10000000
+groupType: -2147483646
+sAMAccountType: 268435456
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
-dn: CN=TemplateAlias,CN=Templates,${BASEDN}
-objectClass: top
-objectClass: Template
-objectClass: aliasTemplate
-cn: TemplateAlias
-instanceType: 4
-groupType: 0x80000004
-sAMAccountType: 0x10000000
+# Currently this isn't used, we don't have a way to detect it different from an incoming alias
+#
+# dn: CN=TemplateAlias,CN=Templates,${BASEDN}
+# objectClass: top
+# objectClass: Template
+# objectClass: aliasTemplate
+# cn: TemplateAlias
+# instanceType: 4
+# groupType: -2147483644
+# sAMAccountType: 268435456
dn: CN=TemplateForeignSecurityPrincipal,CN=Templates,${BASEDN}
objectClass: top
memberOf: CN=Enterprise Admins,CN=Users,${BASEDN}
memberOf: CN=Schema Admins,CN=Users,${BASEDN}
memberOf: CN=Administrators,CN=Builtin,${BASEDN}
-userAccountControl: 0x10200
+userAccountControl: 66048
objectSid: ${DOMAINSID}-500
adminCount: 1
accountExpires: -1
cn: Guest
description: Built-in account for guest access to the computer/domain
memberOf: CN=Guests,CN=Builtin,${BASEDN}
-userAccountControl: 0x10222
+userAccountControl: 66082
primaryGroupID: 514
objectSid: ${DOMAINSID}-501
sAMAccountName: Guest
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeSecurityPrivilege
member: CN=Domain Users,CN=Users,${BASEDN}
objectSid: S-1-5-32-545
sAMAccountName: Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
member: CN=Guest,CN=Users,${BASEDN}
objectSid: S-1-5-32-546
sAMAccountName: Guests
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectSid: S-1-5-32-550
adminCount: 1
sAMAccountName: Print Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeLoadDriverPrivilege
objectSid: S-1-5-32-551
adminCount: 1
sAMAccountName: Backup Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
objectSid: S-1-5-32-552
adminCount: 1
sAMAccountName: Replicator
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Members in this group are granted the right to logon remotely
objectSid: S-1-5-32-555
sAMAccountName: Remote Desktop Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Members in this group can have some administrative privileges to manage configuration of networking features
objectSid: S-1-5-32-556
sAMAccountName: Network Configuration Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Members of this group have remote access to monitor this computer
objectSid: S-1-5-32-558
sAMAccountName: Performance Monitor Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
description: Members of this group have remote access to schedule logging of performance counters on this computer
objectSid: S-1-5-32-559
sAMAccountName: Performance Log Users
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectClass: group
cn: Cert Publishers
description: Members of this group are permitted to publish certificates to the Active Directory
-groupType: 0x80000004
-sAMAccountType: 0x20000000
+groupType: 2147483652
+sAMAccountType: 536870912
objectSid: ${DOMAINSID}-517
sAMAccountName: Cert Publishers
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
instanceType: 4
objectSid: ${DOMAINSID}-553
sAMAccountName: RAS and IAS Servers
-sAMAccountType: 0x20000000
-groupType: 0x80000004
+sAMAccountType: 536870912
+groupType: 2147483652
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
objectSid: S-1-5-32-549
adminCount: 1
sAMAccountName: Server Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeBackupPrivilege
objectSid: S-1-5-32-548
adminCount: 1
sAMAccountName: Account Operators
-sAMAccountType: 0x20000000
-systemFlags: 0x8c000000
-groupType: 0x80000005
+sAMAccountType: 536870912
+systemFlags: 2348810240
+groupType: 2147483653
objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
isCriticalSystemObject: TRUE
privilege: SeInteractiveLogonRight