pipes_struct *p;
DEBUG(4,("Create pipe requested %s\n",
- get_pipe_name_from_iface(syntax)));
+ get_pipe_name_from_syntax(talloc_tos(), syntax)));
p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
return NULL;
}
- if ((p->mem_ctx = talloc_init("pipe %s %p",
- get_pipe_name_from_iface(syntax),
- p)) == NULL) {
+ p->mem_ctx = talloc_named(p, 0, "pipe %s %p",
+ get_pipe_name_from_syntax(talloc_tos(),
+ syntax), p);
+ if (p->mem_ctx == NULL) {
DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
TALLOC_FREE(p);
return NULL;
if (!init_pipe_handle_list(p, syntax)) {
DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
- talloc_destroy(p->mem_ctx);
TALLOC_FREE(p);
return NULL;
}
if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
- talloc_destroy(p->mem_ctx);
close_policy_by_pipe(p);
TALLOC_FREE(p);
return NULL;
p->server_info = copy_serverinfo(p, server_info);
if (p->server_info == NULL) {
DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
- talloc_destroy(p->mem_ctx);
close_policy_by_pipe(p);
TALLOC_FREE(p);
return NULL;
p->syntax = *syntax;
DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
- get_pipe_name_from_iface(syntax), pipes_open));
+ get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
p->in_data.pdu_received_len = 0;
p->fault_state = True;
DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
}
/****************************************************************************
* AS/U doesn't set FIRST flag in a BIND packet it seems.
*/
- if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
+ if ((p->hdr.pkt_type == DCERPC_PKT_REQUEST) && !(p->hdr.flags & DCERPC_PFC_FLAG_FIRST)) {
/*
* Ensure that the FIRST flag is set. If not then we have
* a stream missmatch.
"%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) ));
talloc_free_children(p->mem_ctx);
} else {
- p->mem_ctx = talloc_init(
- "pipe %s %p", get_pipe_name_from_iface(&p->syntax), p);
+ p->mem_ctx = talloc_named(p, 0, "pipe %s %p",
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax), p);
if (p->mem_ctx == NULL) {
p->fault_state = True;
}
* will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
*/
- if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
+ if(prs_offset(&p->in_data.data) + data_len > MAX_RPC_DATA_SIZE) {
DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
(unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
set_incoming_fault(p);
return False;
}
- if(p->hdr.flags & RPC_FLG_LAST) {
+ if(p->hdr.flags & DCERPC_PFC_FLAG_LAST) {
bool ret = False;
/*
* Ok - we finally have a complete RPC stream.
if(p->fault_state) {
DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
set_incoming_fault(p);
setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
return;
(unsigned int)p->hdr.pkt_type ));
switch (p->hdr.pkt_type) {
- case RPC_REQUEST:
+ case DCERPC_PKT_REQUEST:
reply = process_request_pdu(p, &rpc_in);
break;
- case RPC_PING: /* CL request - ignore... */
+ case DCERPC_PKT_PING: /* CL request - ignore... */
DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_RESPONSE: /* No responses here. */
- DEBUG(0,("process_complete_pdu: Error. RPC_RESPONSE received from client on pipe %s.\n",
- get_pipe_name_from_iface(&p->syntax)));
+ case DCERPC_PKT_RESPONSE: /* No responses here. */
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_RESPONSE received from client on pipe %s.\n",
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_FAULT:
- case RPC_WORKING: /* CL request - reply to a ping when a call in process. */
- case RPC_NOCALL: /* CL - server reply to a ping call. */
- case RPC_REJECT:
- case RPC_ACK:
- case RPC_CL_CANCEL:
- case RPC_FACK:
- case RPC_CANCEL_ACK:
+ case DCERPC_PKT_FAULT:
+ case DCERPC_PKT_WORKING: /* CL request - reply to a ping when a call in process. */
+ case DCERPC_PKT_NOCALL: /* CL - server reply to a ping call. */
+ case DCERPC_PKT_REJECT:
+ case DCERPC_PKT_ACK:
+ case DCERPC_PKT_CL_CANCEL:
+ case DCERPC_PKT_FACK:
+ case DCERPC_PKT_CANCEL_ACK:
DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_BIND:
+ case DCERPC_PKT_BIND:
/*
* We assume that a pipe bind is only in one pdu.
*/
}
break;
- case RPC_BINDACK:
- case RPC_BINDNACK:
- DEBUG(0,("process_complete_pdu: Error. RPC_BINDACK/RPC_BINDNACK packet type %u received on pipe %s.\n",
+ case DCERPC_PKT_BIND_ACK:
+ case DCERPC_PKT_BIND_NAK:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_ALTCONT:
+ case DCERPC_PKT_ALTER:
/*
* We assume that a pipe bind is only in one pdu.
*/
}
break;
- case RPC_ALTCONTRESP:
- DEBUG(0,("process_complete_pdu: Error. RPC_ALTCONTRESP on pipe %s: Should only be server -> client.\n",
- get_pipe_name_from_iface(&p->syntax)));
+ case DCERPC_PKT_ALTER_RESP:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_ALTER_RESP on pipe %s: Should only be server -> client.\n",
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_AUTH3:
+ case DCERPC_PKT_AUTH3:
/*
* The third packet in an NTLMSSP auth exchange.
*/
}
break;
- case RPC_SHUTDOWN:
- DEBUG(0,("process_complete_pdu: Error. RPC_SHUTDOWN on pipe %s: Should only be server -> client.\n",
- get_pipe_name_from_iface(&p->syntax)));
+ case DCERPC_PKT_SHUTDOWN:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_SHUTDOWN on pipe %s: Should only be server -> client.\n",
+ get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
break;
- case RPC_CO_CANCEL:
+ case DCERPC_PKT_CO_CANCEL:
/* For now just free all client data and continue processing. */
- DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n"));
+ DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL. Abandoning rpc call.\n"));
/* As we never do asynchronous RPC serving, we can never cancel a
call (as far as I know). If we ever did we'd have to send a cancel_ack
reply. For now, just free all client data and continue processing. */
break;
#endif
- case RPC_ORPHANED:
+ case DCERPC_PKT_ORPHANED:
/* We should probably check the auth-verifier here.
For now just free all client data and continue processing. */
- DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n"));
+ DEBUG(3,("process_complete_pdu: DCERPC_PKT_ORPHANED. Abandoning rpc call.\n"));
reply = True;
break;
if (!reply) {
DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
- "pipe %s\n", get_pipe_name_from_iface(&p->syntax)));
+ "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),
+ &p->syntax)));
set_incoming_fault(p);
setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
prs_mem_free(&rpc_in);
return rret;
}
/* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists
- of an RPC_HEADER only. This is a RPC_SHUTDOWN, RPC_CO_CANCEL or RPC_ORPHANED
+ of an RPC_HEADER only. This is a DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or DCERPC_PKT_ORPHANED
pdu type. Deal with this in process_complete_pdu(). */
}
return -1;
}
- DEBUG(6,(" name: %s len: %u\n", get_pipe_name_from_iface(&p->syntax),
+ DEBUG(6,(" name: %s len: %u\n",
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
(unsigned int)n));
/*
if(n > RPC_MAX_PDU_FRAG_LEN) {
DEBUG(5,("read_from_pipe: too large read (%u) requested on "
"pipe %s. We can only service %d sized reads.\n",
- (unsigned int)n, get_pipe_name_from_iface(&p->syntax),
+ (unsigned int)n,
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
RPC_MAX_PDU_FRAG_LEN ));
n = RPC_MAX_PDU_FRAG_LEN;
}
DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, "
"current_pdu_sent = %u returning %d bytes.\n",
- get_pipe_name_from_iface(&p->syntax),
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
(unsigned int)prs_offset(&p->out_data.frag),
(unsigned int)p->out_data.current_pdu_sent,
(int)data_returned));
DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length "
"= %u, prs_offset(&p->out_data.rdata) = %u.\n",
- get_pipe_name_from_iface(&p->syntax), (int)p->fault_state,
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
+ (int)p->fault_state,
(unsigned int)p->out_data.data_sent_length,
(unsigned int)prs_offset(&p->out_data.rdata) ));
if(!create_next_pdu(p)) {
DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",
- get_pipe_name_from_iface(&p->syntax)));
+ get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
return -1;
}
out:
(*is_data_outstanding) = prs_offset(&p->out_data.frag) > n;
+ if (p->out_data.current_pdu_sent == prs_offset(&p->out_data.frag)) {
+ /* We've returned everything in the out_data.frag
+ * so we're done with this pdu. Free it and reset
+ * current_pdu_sent. */
+ p->out_data.current_pdu_sent = 0;
+ prs_mem_free(&p->out_data.frag);
+ }
return data_returned;
}
(*p->auth.auth_data_free_func)(&p->auth);
}
- TALLOC_FREE(p->mem_ctx);
-
free_pipe_rpc_context( p->contexts );
/* Free the handles database. */
ZERO_STRUCTP(p);
- TALLOC_FREE(p);
-
- return True;
+ return 0;
}
bool fsp_is_np(struct files_struct *fsp)
}
struct np_proxy_state {
+ struct tevent_queue *read_queue;
+ struct tevent_queue *write_queue;
int fd;
+
+ uint8_t *msg;
+ size_t sent;
};
static int np_proxy_state_destructor(struct np_proxy_state *state)
goto fail;
}
+ result->msg = NULL;
+
+ result->read_queue = tevent_queue_create(result, "np_read");
+ if (result->read_queue == NULL) {
+ goto fail;
+ }
+ result->write_queue = tevent_queue_create(result, "np_write");
+ if (result->write_queue == NULL) {
+ goto fail;
+ }
+
return result;
fail:
}
struct np_write_state {
+ struct event_context *ev;
+ struct np_proxy_state *p;
+ struct iovec iov;
ssize_t nwritten;
};
-static void np_write_done(struct async_req *subreq);
+static void np_write_done(struct tevent_req *subreq);
-struct async_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
- struct fake_file_handle *handle,
- const uint8_t *data, size_t len)
+struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
+ struct fake_file_handle *handle,
+ const uint8_t *data, size_t len)
{
- struct async_req *result, *subreq;
+ struct tevent_req *req;
struct np_write_state *state;
NTSTATUS status;
DEBUG(6, ("np_write_send: len: %d\n", (int)len));
dump_data(50, data, len);
- if (!async_req_setup(mem_ctx, &result, &state,
- struct np_write_state)) {
+ req = tevent_req_create(mem_ctx, &state, struct np_write_state);
+ if (req == NULL) {
return NULL;
}
if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) {
struct np_proxy_state *p = talloc_get_type_abort(
handle->private_data, struct np_proxy_state);
+ struct tevent_req *subreq;
- state->nwritten = len;
+ state->ev = ev;
+ state->p = p;
+ state->iov.iov_base = CONST_DISCARD(void *, data);
+ state->iov.iov_len = len;
- subreq = sendall_send(state, ev, p->fd, data, len, 0);
+ subreq = writev_send(state, ev, p->write_queue, p->fd,
+ false, &state->iov, 1);
if (subreq == NULL) {
goto fail;
}
- subreq->async.fn = np_write_done;
- subreq->async.priv = result;
- return result;
+ tevent_req_set_callback(subreq, np_write_done, req);
+ return req;
}
status = NT_STATUS_INVALID_HANDLE;
post_status:
- if (async_post_ntstatus(result, ev, status)) {
- return result;
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_nterror(req, status);
}
+ return tevent_req_post(req, ev);
fail:
- TALLOC_FREE(result);
+ TALLOC_FREE(req);
return NULL;
}
-static void np_write_done(struct async_req *subreq)
+static void np_write_done(struct tevent_req *subreq)
{
- struct async_req *req = talloc_get_type_abort(
- subreq->async.priv, struct async_req);
- NTSTATUS status;
-
- status = sendall_recv(subreq);
- if (!NT_STATUS_IS_OK(status)) {
- async_req_nterror(req, status);
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct np_write_state *state = tevent_req_data(
+ req, struct np_write_state);
+ ssize_t received;
+ int err;
+
+ received = writev_recv(subreq, &err);
+ if (received < 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
return;
}
- async_req_done(req);
+ state->nwritten = received;
+ tevent_req_done(req);
}
-NTSTATUS np_write_recv(struct async_req *req, ssize_t *pnwritten)
+NTSTATUS np_write_recv(struct tevent_req *req, ssize_t *pnwritten)
{
- struct np_write_state *state = talloc_get_type_abort(
- req->private_data, struct np_write_state);
+ struct np_write_state *state = tevent_req_data(
+ req, struct np_write_state);
NTSTATUS status;
- if (async_req_is_nterror(req, &status)) {
+ if (tevent_req_is_nterror(req, &status)) {
return status;
}
*pnwritten = state->nwritten;
return NT_STATUS_OK;
}
+static ssize_t rpc_frag_more_fn(uint8_t *buf, size_t buflen, void *priv)
+{
+ prs_struct hdr_prs;
+ struct rpc_hdr_info hdr;
+ bool ret;
+
+ if (buflen > RPC_HEADER_LEN) {
+ return 0;
+ }
+ prs_init_empty(&hdr_prs, talloc_tos(), UNMARSHALL);
+ prs_give_memory(&hdr_prs, (char *)buf, RPC_HEADER_LEN, false);
+ ret = smb_io_rpc_hdr("", &hdr, &hdr_prs, 0);
+ prs_mem_free(&hdr_prs);
+
+ if (!ret) {
+ return -1;
+ }
+
+ return (hdr.frag_len - RPC_HEADER_LEN);
+}
+
struct np_read_state {
- ssize_t nread;
+ struct event_context *ev;
+ struct np_proxy_state *p;
+ uint8_t *data;
+ size_t len;
+
+ size_t nread;
bool is_data_outstanding;
- int fd;
};
-static void np_read_done(struct async_req *subreq);
+static void np_read_trigger(struct tevent_req *req, void *private_data);
+static void np_read_done(struct tevent_req *subreq);
-struct async_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
- struct fake_file_handle *handle,
- uint8_t *data, size_t len)
+struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
+ struct fake_file_handle *handle,
+ uint8_t *data, size_t len)
{
- struct async_req *result, *subreq;
+ struct tevent_req *req;
struct np_read_state *state;
NTSTATUS status;
- if (!async_req_setup(mem_ctx, &result, &state,
- struct np_read_state)) {
+ req = tevent_req_create(mem_ctx, &state, struct np_read_state);
+ if (req == NULL) {
return NULL;
}
struct np_proxy_state *p = talloc_get_type_abort(
handle->private_data, struct np_proxy_state);
- state->fd = p->fd;
+ if (p->msg != NULL) {
+ size_t thistime;
- subreq = async_recv(state, ev, p->fd, data, len, 0);
- if (subreq == NULL) {
+ thistime = MIN(talloc_get_size(p->msg) - p->sent,
+ len);
+
+ memcpy(data, p->msg+p->sent, thistime);
+ state->nread = thistime;
+ p->sent += thistime;
+
+ if (p->sent < talloc_get_size(p->msg)) {
+ state->is_data_outstanding = true;
+ } else {
+ state->is_data_outstanding = false;
+ TALLOC_FREE(p->msg);
+ }
+ status = NT_STATUS_OK;
+ goto post_status;
+ }
+
+ state->ev = ev;
+ state->p = p;
+ state->data = data;
+ state->len = len;
+
+ if (!tevent_queue_add(p->read_queue, ev, req, np_read_trigger,
+ NULL)) {
goto fail;
}
- subreq->async.fn = np_read_done;
- subreq->async.priv = result;
- return result;
+ return req;
}
status = NT_STATUS_INVALID_HANDLE;
post_status:
- if (async_post_ntstatus(result, ev, status)) {
- return result;
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_nterror(req, status);
}
+ return tevent_req_post(req, ev);
fail:
- TALLOC_FREE(result);
+ TALLOC_FREE(req);
return NULL;
}
-static void np_read_done(struct async_req *subreq)
+static void np_read_trigger(struct tevent_req *req, void *private_data)
{
- struct async_req *req = talloc_get_type_abort(
- subreq->async.priv, struct async_req);
- struct np_read_state *state = talloc_get_type_abort(
- req->private_data, struct np_read_state);
- ssize_t result;
- int sys_errno;
- int available = 0;
-
- result = async_syscall_result_ssize_t(subreq, &sys_errno);
- if (result == -1) {
- async_req_nterror(req, map_nt_error_from_unix(sys_errno));
+ struct np_read_state *state = tevent_req_data(
+ req, struct np_read_state);
+ struct tevent_req *subreq;
+
+ subreq = read_packet_send(state, state->ev, state->p->fd,
+ RPC_HEADER_LEN, rpc_frag_more_fn, NULL);
+ if (tevent_req_nomem(subreq, req)) {
return;
}
- if (result == 0) {
- async_req_nterror(req, NT_STATUS_END_OF_FILE);
+ tevent_req_set_callback(subreq, np_read_done, req);
+}
+
+static void np_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct np_read_state *state = tevent_req_data(
+ req, struct np_read_state);
+ ssize_t received;
+ size_t thistime;
+ int err;
+
+ received = read_packet_recv(subreq, state->p, &state->p->msg, &err);
+ TALLOC_FREE(subreq);
+ if (received == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
return;
}
- state->nread = result;
+ thistime = MIN(received, state->len);
- /*
- * We don't look at the ioctl result. We don't really care if there is
- * data available, because this is racy anyway.
- */
- ioctl(state->fd, FIONREAD, &available);
- state->is_data_outstanding = (available > 0);
+ memcpy(state->data, state->p->msg, thistime);
+ state->p->sent = thistime;
+ state->nread = thistime;
- async_req_done(req);
+ if (state->p->sent < received) {
+ state->is_data_outstanding = true;
+ } else {
+ TALLOC_FREE(state->p->msg);
+ state->is_data_outstanding = false;
+ }
+
+ tevent_req_done(req);
+ return;
}
-NTSTATUS np_read_recv(struct async_req *req, ssize_t *nread,
+NTSTATUS np_read_recv(struct tevent_req *req, ssize_t *nread,
bool *is_data_outstanding)
{
- struct np_read_state *state = talloc_get_type_abort(
- req->private_data, struct np_read_state);
+ struct np_read_state *state = tevent_req_data(
+ req, struct np_read_state);
NTSTATUS status;
- if (async_req_is_nterror(req, &status)) {
+ if (tevent_req_is_nterror(req, &status)) {
return status;
}
*nread = state->nread;
*presult = result;
return NT_STATUS_OK;
}
+
+/*******************************************************************
+ gets a domain user's groups from their already-calculated NT_USER_TOKEN
+ ********************************************************************/
+
+static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
+ const DOM_SID *domain_sid,
+ size_t num_sids,
+ const DOM_SID *sids,
+ int *numgroups,
+ struct samr_RidWithAttribute **pgids)
+{
+ int i;
+
+ *numgroups=0;
+ *pgids = NULL;
+
+ for (i=0; i<num_sids; i++) {
+ struct samr_RidWithAttribute gid;
+ if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.rid)) {
+ continue;
+ }
+ gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+ SE_GROUP_ENABLED);
+ ADD_TO_ARRAY(mem_ctx, struct samr_RidWithAttribute,
+ gid, pgids, numgroups);
+ if (*pgids == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ inits a netr_SamBaseInfo structure from an auth_serversupplied_info.
+*****************************************************************************/
+
+static NTSTATUS serverinfo_to_SamInfo_base(TALLOC_CTX *mem_ctx,
+ struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamBaseInfo *base)
+{
+ struct samu *sampw;
+ struct samr_RidWithAttribute *gids = NULL;
+ const DOM_SID *user_sid = NULL;
+ const DOM_SID *group_sid = NULL;
+ DOM_SID domain_sid;
+ uint32 user_rid, group_rid;
+ NTSTATUS status;
+
+ int num_gids = 0;
+ const char *my_name;
+
+ struct netr_UserSessionKey user_session_key;
+ struct netr_LMSessionKey lm_session_key;
+
+ NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
+ NTTIME allow_password_change, force_password_change;
+ struct samr_RidWithAttributeArray groups;
+ int i;
+ struct dom_sid2 *sid = NULL;
+
+ ZERO_STRUCT(user_session_key);
+ ZERO_STRUCT(lm_session_key);
+
+ sampw = server_info->sam_account;
+
+ user_sid = pdb_get_user_sid(sampw);
+ group_sid = pdb_get_group_sid(sampw);
+
+ if (pipe_session_key && pipe_session_key_len != 16) {
+ DEBUG(0,("serverinfo_to_SamInfo3: invalid "
+ "pipe_session_key_len[%zu] != 16\n",
+ pipe_session_key_len));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if ((user_sid == NULL) || (group_sid == NULL)) {
+ DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ sid_copy(&domain_sid, user_sid);
+ sid_split_rid(&domain_sid, &user_rid);
+
+ sid = sid_dup_talloc(mem_ctx, &domain_sid);
+ if (!sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
+ DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
+ "%s\n but group sid %s.\n"
+ "The conflicting domain portions are not "
+ "supported for NETLOGON calls\n",
+ pdb_get_domain(sampw),
+ pdb_get_username(sampw),
+ sid_string_dbg(user_sid),
+ sid_string_dbg(group_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if(server_info->login_server) {
+ my_name = server_info->login_server;
+ } else {
+ my_name = global_myname();
+ }
+
+ status = nt_token_to_group_list(mem_ctx, &domain_sid,
+ server_info->num_sids,
+ server_info->sids,
+ &num_gids, &gids);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (server_info->user_session_key.length) {
+ memcpy(user_session_key.key,
+ server_info->user_session_key.data,
+ MIN(sizeof(user_session_key.key),
+ server_info->user_session_key.length));
+ if (pipe_session_key) {
+ arcfour_crypt(user_session_key.key, pipe_session_key, 16);
+ }
+ }
+ if (server_info->lm_session_key.length) {
+ memcpy(lm_session_key.key,
+ server_info->lm_session_key.data,
+ MIN(sizeof(lm_session_key.key),
+ server_info->lm_session_key.length));
+ if (pipe_session_key) {
+ arcfour_crypt(lm_session_key.key, pipe_session_key, 8);
+ }
+ }
+
+ groups.count = num_gids;
+ groups.rids = TALLOC_ARRAY(mem_ctx, struct samr_RidWithAttribute, groups.count);
+ if (!groups.rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i < groups.count; i++) {
+ groups.rids[i].rid = gids[i].rid;
+ groups.rids[i].attributes = gids[i].attributes;
+ }
+
+ unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
+ unix_to_nt_time(&last_logoff, get_time_t_max());
+ unix_to_nt_time(&acct_expiry, get_time_t_max());
+ unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
+ unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
+ unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
+
+ base->last_logon = last_logon;
+ base->last_logoff = last_logoff;
+ base->acct_expiry = acct_expiry;
+ base->last_password_change = last_password_change;
+ base->allow_password_change = allow_password_change;
+ base->force_password_change = force_password_change;
+ base->account_name.string = talloc_strdup(mem_ctx, pdb_get_username(sampw));
+ base->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(sampw));
+ base->logon_script.string = talloc_strdup(mem_ctx, pdb_get_logon_script(sampw));
+ base->profile_path.string = talloc_strdup(mem_ctx, pdb_get_profile_path(sampw));
+ base->home_directory.string = talloc_strdup(mem_ctx, pdb_get_homedir(sampw));
+ base->home_drive.string = talloc_strdup(mem_ctx, pdb_get_dir_drive(sampw));
+ base->logon_count = 0; /* ?? */
+ base->bad_password_count = 0; /* ?? */
+ base->rid = user_rid;
+ base->primary_gid = group_rid;
+ base->groups = groups;
+ base->user_flags = NETLOGON_EXTRA_SIDS;
+ base->key = user_session_key;
+ base->logon_server.string = talloc_strdup(mem_ctx, my_name);
+ base->domain.string = talloc_strdup(mem_ctx, pdb_get_domain(sampw));
+ base->domain_sid = sid;
+ base->LMSessKey = lm_session_key;
+ base->acct_flags = pdb_get_acct_ctrl(sampw);
+
+ ZERO_STRUCT(user_session_key);
+ ZERO_STRUCT(lm_session_key);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
+ already be initialized and is used as the talloc parent for its members.
+*****************************************************************************/
+
+NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo2 *sam2)
+{
+ NTSTATUS status;
+
+ status = serverinfo_to_SamInfo_base(sam2,
+ server_info,
+ pipe_session_key,
+ pipe_session_key_len,
+ &sam2->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
+ already be initialized and is used as the talloc parent for its members.
+*****************************************************************************/
+
+NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo3 *sam3)
+{
+ NTSTATUS status;
+
+ status = serverinfo_to_SamInfo_base(sam3,
+ server_info,
+ pipe_session_key,
+ pipe_session_key_len,
+ &sam3->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ sam3->sidcount = 0;
+ sam3->sids = NULL;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
+ already be initialized and is used as the talloc parent for its members.
+*****************************************************************************/
+
+NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo6 *sam6)
+{
+ NTSTATUS status;
+ struct pdb_domain_info *dominfo;
+
+ if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
+ DEBUG(10,("Not adding validation info level 6 "
+ "without ADS passdb backend\n"));
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ dominfo = pdb_get_domain_info(sam6);
+ if (dominfo == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = serverinfo_to_SamInfo_base(sam6,
+ server_info,
+ pipe_session_key,
+ pipe_session_key_len,
+ &sam6->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ sam6->sidcount = 0;
+ sam6->sids = NULL;
+
+ sam6->forest.string = talloc_strdup(sam6, dominfo->dns_forest);
+ if (sam6->forest.string == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sam6->principle.string = talloc_asprintf(sam6, "%s@%s",
+ pdb_get_username(server_info->sam_account),
+ dominfo->dns_domain);
+ if (sam6->principle.string == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}