*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
typedef struct disp_info {
DOM_SID sid; /* identify which domain this is. */
- BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
+ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
struct pdb_search *users; /* querydispinfo 1 and 4 */
struct pdb_search *machines; /* querydispinfo 2 */
struct pdb_search *groups; /* querydispinfo 3 and 5, enumgroups */
struct samr_info {
/* for use by the \PIPE\samr policy */
DOM_SID sid;
- BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
+ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
DISP_INFO *disp_info;
TALLOC_CTX *mem_ctx;
};
-static struct generic_mapping sam_generic_mapping = {
+static const struct generic_mapping sam_generic_mapping = {
GENERIC_RIGHTS_SAM_READ,
GENERIC_RIGHTS_SAM_WRITE,
GENERIC_RIGHTS_SAM_EXECUTE,
GENERIC_RIGHTS_SAM_ALL_ACCESS};
-static struct generic_mapping dom_generic_mapping = {
+static const struct generic_mapping dom_generic_mapping = {
GENERIC_RIGHTS_DOMAIN_READ,
GENERIC_RIGHTS_DOMAIN_WRITE,
GENERIC_RIGHTS_DOMAIN_EXECUTE,
GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-static struct generic_mapping usr_generic_mapping = {
+static const struct generic_mapping usr_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
GENERIC_RIGHTS_USER_EXECUTE,
GENERIC_RIGHTS_USER_ALL_ACCESS};
-static struct generic_mapping usr_nopwchange_generic_mapping = {
+static const struct generic_mapping usr_nopwchange_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
GENERIC_RIGHTS_USER_EXECUTE & ~SA_RIGHT_USER_CHANGE_PASSWORD,
GENERIC_RIGHTS_USER_ALL_ACCESS};
-static struct generic_mapping grp_generic_mapping = {
+static const struct generic_mapping grp_generic_mapping = {
GENERIC_RIGHTS_GROUP_READ,
GENERIC_RIGHTS_GROUP_WRITE,
GENERIC_RIGHTS_GROUP_EXECUTE,
GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-static struct generic_mapping ali_generic_mapping = {
+static const struct generic_mapping ali_generic_mapping = {
GENERIC_RIGHTS_ALIAS_READ,
GENERIC_RIGHTS_ALIAS_WRITE,
GENERIC_RIGHTS_ALIAS_EXECUTE,
*******************************************************************/
static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size,
- struct generic_mapping *map,
+ const struct generic_mapping *map,
DOM_SID *sid, uint32 sid_access )
{
DOM_SID domadmin_sid;
TALLOC_CTX *mem_ctx;
if (psid) {
- sid_to_string(sid_str, psid);
+ sid_to_fstring(sid_str, psid);
} else {
fstrcpy(sid_str,"(NULL)");
}
static void free_samr_cache(DISP_INFO *disp_info)
{
DEBUG(10, ("free_samr_cache: deleting cache for SID %s\n",
- sid_string_static(&disp_info->sid)));
+ sid_string_dbg(&disp_info->sid)));
/* We need to become root here because the paged search might have to
* tell the LDAP server we're not interested in the rest anymore. */
TALLOC_FREE(disp_info->cache_timeout_event);
DEBUG(10,("set_disp_info_cache_timeout: caching enumeration for "
- "SID %s for %u seconds\n",
- sid_string_static(&disp_info->sid),
+ "SID %s for %u seconds\n", sid_string_dbg(&disp_info->sid),
(unsigned int)secs_fromnow ));
disp_info->cache_timeout_event = event_add_timed(
/*******************************************************************
********************************************************************/
-static BOOL get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
+static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
DOM_SID *sid, uint32 *acc_granted,
DISP_INFO **ppdisp_info)
{
DOM_SID pol_sid;
uint32 acc_granted, i;
SEC_ACL *dacl;
- BOOL ret;
+ bool ret;
struct samu *sampass=NULL;
NTSTATUS status;
unbecome_root();
if (!ret) {
- DEBUG(4, ("User %s not found\n", sid_string_static(&pol_sid)));
+ DEBUG(4, ("User %s not found\n", sid_string_dbg(&pol_sid)));
TALLOC_FREE(sampass);
return NT_STATUS_INVALID_HANDLE;
}
/*******************************************************************
build correct perms based on policies and password times for _samr_query_sec_obj
*******************************************************************/
-static BOOL check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
+static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
if ( !(sampass = samu_new( mem_ctx )) ) {
DEBUG(0,("No memory!\n"));
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
TALLOC_FREE(sampass);
return False;
}
NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u)
{
DOM_SID pol_sid;
- fstring str_sid;
SEC_DESC * psd = NULL;
uint32 acc_granted;
size_t sd_size;
if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n",
+ sid_string_dbg(&pol_sid)));
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,get_global_sam_sid())) {
/* check if it is our domain SID */
- DEBUG(5,("_samr_query_sec_obj: querying security on Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(5,("_samr_query_sec_obj: querying security on Domain "
+ "with SID: %s\n", sid_string_dbg(&pol_sid)));
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
/* check if it is the Builtin Domain */
/* TODO: Builtin probably needs a different SD with restricted write access*/
- DEBUG(5,("_samr_query_sec_obj: querying security on Builtin Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(5,("_samr_query_sec_obj: querying security on Builtin "
+ "Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_check_is_in_our_domain(&pol_sid) ||
sid_check_is_in_builtin(&pol_sid)) {
/* TODO: different SDs have to be generated for aliases groups and users.
Currently all three get a default user SD */
- DEBUG(10,("_samr_query_sec_obj: querying security on Object with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(10,("_samr_query_sec_obj: querying security on Object "
+ "with SID: %s\n", sid_string_dbg(&pol_sid)));
if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
return r_u->status;
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
- sid_string_static(&info->sid)));
+ sid_string_dbg(&info->sid)));
become_root();
DOM_SID sid;
struct acct_info info;
uint32 acc_granted;
- BOOL ret;
+ NTSTATUS status;
r_u->status = NT_STATUS_OK;
}
become_root();
- ret = pdb_get_aliasinfo(&sid, &info);
+ status = pdb_get_aliasinfo(&sid, &info);
unbecome_root();
- if ( !ret )
- return NT_STATUS_NO_SUCH_ALIAS;
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
return NT_STATUS_NO_MEMORY;
int i;
int num_rids = q_u->num_names2;
DOM_SID pol_sid;
- fstring sid_str;
uint32 acc_granted;
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
}
- DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid)));
+ DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
+ sid_string_dbg(&pol_sid)));
for (i = 0; i < num_rids; i++) {
fstring name;
makes a SAMR_R_LOOKUP_RIDS structure.
********************************************************************/
-static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
+static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
const char **names, UNIHDR **pp_hdr_name,
UNISTR2 **pp_uni_name)
{
uint32 acc_granted;
uint32 des_access = q_u->access_mask;
size_t sd_size;
- BOOL ret;
+ bool ret;
NTSTATUS nt_status;
SE_PRIV se_rights;
static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if ( !ret ) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret==False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret==False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
return NT_STATUS_ACCESS_DENIED;
ret = pdb_getsampwsid(smbpass, user_sid);
if (ret == False) {
- DEBUG(4, ("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid)));
TALLOC_FREE(smbpass);
return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
}
static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
if ( !(sampass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
DOM_SID *user_sid, DOM_SID *domain_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
NTSTATUS nt_status;
if ( !(sampass = samu_new( mem_ctx )) ) {
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));
+ DEBUG(5,("_samr_query_userinfo: sid:%s\n",
+ sid_string_dbg(&info->sid)));
ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
if (!ctr)
gid_t *unix_gids;
size_t i, num_gids;
uint32 acc_granted;
- BOOL ret;
+ bool ret;
NTSTATUS result;
- BOOL success = False;
+ bool success = False;
/*
* from the SID in the request:
if (!ret) {
DEBUG(10, ("pdb_getsampwsid failed for %s\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("pdb_enum_group_memberships failed for %s\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return result;
}
if ( !success ) {
DEBUG(5, ("Group sid %s for user %s not in our domain\n",
- sid_string_static(pdb_get_group_sid(sam_pass)),
+ sid_string_dbg(pdb_get_group_sid(sam_pass)),
pdb_get_username(sam_pass)));
TALLOC_FREE(sam_pass);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
if (!sid_peek_check_rid(get_global_sam_sid(),
&(sids[i]), &dom_gid.g_rid)) {
DEBUG(10, ("Found sid %s not in our domain\n",
- sid_string_static(&sids[i])));
+ sid_string_dbg(&sids[i])));
continue;
}
static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
{
enum lsa_SidType type;
- BOOL result;
+ bool result;
DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
become_root();
- /* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
+ /* Lookup in our local databases (LOOKUP_NAME_REMOTE not set)
* whether the name already exists */
- result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_ISOLATED,
+ result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, &type);
unbecome_root();
size_t sd_size;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
- BOOL can_add_account = False;
+ bool can_add_account = False;
SE_PRIV se_rights;
DISP_INFO *disp_info = NULL;
}
}
- DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name, sid_string_static(&sid)));
+ DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name,
+ sid_string_dbg(&sid)));
init_samr_r_lookup_domain(r_u, &sid, r_u->status);
makes a SAMR_R_ENUM_DOMAINS structure.
********************************************************************/
-static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
+static bool make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
{
uint32 i;
{
/* Check we actually have the requested alias */
enum lsa_SidType type;
- BOOL result;
+ bool result;
gid_t gid;
become_root();
set_user_info_16
********************************************************************/
-static BOOL set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
+static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
{
if (id16 == NULL) {
DEBUG(5, ("set_user_info_16: NULL id16\n"));
set_user_info_18
********************************************************************/
-static BOOL set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
+static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
{
if (id18 == NULL) {
set_user_info_20
********************************************************************/
-static BOOL set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
+static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
{
if (id20 == NULL) {
DEBUG(5, ("set_user_info_20: NULL id20\n"));
static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
struct samu *pwd)
{
- pstring plaintext_buf;
- uint32 len;
+ char *plaintext_buf = NULL;
+ uint32 len = 0;
uint16 acct_ctrl;
NTSTATUS status;
-
+
if (id23 == NULL) {
DEBUG(5, ("set_user_info_23: NULL id23\n"));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
- if (!decode_pw_buffer(id23->pass, plaintext_buf, 256, &len, STR_UNICODE)) {
+ if (!decode_pw_buffer(mem_ctx,
+ id23->pass,
+ &plaintext_buf,
+ &len,
+ STR_UNICODE)) {
TALLOC_FREE(pwd);
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) {
TALLOC_FREE(pwd);
return NT_STATUS_ACCESS_DENIED;
}
-
+
copy_id23_to_sam_passwd(pwd, id23);
-
+
/* if it's a trust account, don't update /etc/passwd */
if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
return NT_STATUS_ACCESS_DENIED;
}
- if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) {
+ passwd = Get_Pwnam_alloc(pwd, pdb_get_username(pwd));
+ if (passwd == NULL) {
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
-
+
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
TALLOC_FREE(pwd);
return NT_STATUS_ACCESS_DENIED;
}
+ TALLOC_FREE(passwd);
}
}
-
- ZERO_STRUCT(plaintext_buf);
-
+
+ memset(plaintext_buf, '\0', strlen(plaintext_buf));
+
if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) &&
(!NT_STATUS_IS_OK(status = pdb_set_unix_primary_group(mem_ctx,
pwd)))) {
TALLOC_FREE(pwd);
return status;
}
-
+
TALLOC_FREE(pwd);
return NT_STATUS_OK;
set_user_info_pw
********************************************************************/
-static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
{
- uint32 len;
- pstring plaintext_buf;
+ uint32 len = 0;
+ char *plaintext_buf = NULL;
uint32 acct_ctrl;
-
+ time_t last_set_time;
+ enum pdb_value_state last_set_state;
+
DEBUG(5, ("Attempting administrator password change for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
-
- ZERO_STRUCT(plaintext_buf);
-
- if (!decode_pw_buffer(pass, plaintext_buf, 256, &len, STR_UNICODE)) {
+ /* we need to know if it's expired, because this is an admin change, not a
+ user change, so it's still expired when we're done */
+ last_set_state = pdb_get_init_flags(pwd, PDB_PASSLASTSET);
+ last_set_time = pdb_get_pass_last_set_time(pwd);
+
+ if (!decode_pw_buffer(talloc_tos(),
+ pass,
+ &plaintext_buf,
+ &len,
+ STR_UNICODE)) {
TALLOC_FREE(pwd);
return False;
}
TALLOC_FREE(pwd);
return False;
}
-
+
/* if it's a trust account, don't update /etc/passwd */
if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
return False;
}
- if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) {
+ passwd = Get_Pwnam_alloc(pwd, pdb_get_username(pwd));
+ if (passwd == NULL) {
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
-
+
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
TALLOC_FREE(pwd);
return False;
}
+ TALLOC_FREE(passwd);
}
}
-
- ZERO_STRUCT(plaintext_buf);
-
+
+ memset(plaintext_buf, '\0', strlen(plaintext_buf));
+
+ /* restore last set time as this is an admin change, not a user pw change */
+ pdb_set_pass_last_set_time (pwd, last_set_time, last_set_state);
+
DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
-
+
/* update the SAMBA password */
if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
TALLOC_FREE(pwd);
SAM_USERINFO_CTR *ctr = q_u->ctr;
uint32 acc_granted;
uint32 acc_required;
- BOOL ret;
- BOOL has_enough_rights = False;
+ bool ret;
+ bool has_enough_rights = False;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value));
+ DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n",
+ sid_string_dbg(&sid), switch_value));
if (ctr == NULL) {
DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
uint16 switch_value = q_u->switch_value;
uint32 acc_granted;
uint32 acc_required;
- BOOL ret;
- BOOL has_enough_rights = False;
+ bool ret;
+ bool has_enough_rights = False;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid)));
+ DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n",
+ sid_string_dbg(&sid)));
if (ctr == NULL) {
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
become_root();
status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids);
NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
{
DOM_SID group_sid;
- fstring group_sid_str;
size_t i, num_members;
uint32 *rid=NULL;
return r_u->status;
}
- sid_to_string(group_sid_str, &group_sid);
- DEBUG(10, ("sid is %s\n", group_sid_str));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_check_is_in_our_domain(&group_sid)) {
- DEBUG(3, ("sid %s is not in our domain\n", group_sid_str));
+ DEBUG(3, ("sid %s is not in our domain\n",
+ sid_string_dbg(&group_sid)));
return NT_STATUS_NO_SUCH_GROUP;
}
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
NTSTATUS ret;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
NTSTATUS ret;
DISP_INFO *disp_info = NULL;
}
DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
- sid_string_static(&alias_sid)));
+ sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&group_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
&group_rid)) {
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/*
DOM_SID user_sid;
struct samu *sam_pass=NULL;
uint32 acc_granted;
- BOOL can_add_accounts;
+ bool can_add_accounts;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
- BOOL ret;
+ bool ret;
DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
if( !ret ) {
DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n",
- sid_string_static(&user_sid)));
+ sid_string_dbg(&user_sid)));
TALLOC_FREE(sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&group_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
&group_rid)) {
if ( !NT_STATUS_IS_OK(r_u->status) ) {
DEBUG(5,("_samr_delete_dom_group: Failed to delete mapping "
"entry for group %s: %s\n",
- sid_string_static(&group_sid),
+ sid_string_dbg(&group_sid),
nt_errstr(r_u->status)));
return r_u->status;
}
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
- BOOL ret;
+ bool can_add_accounts;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
/* Don't let Windows delete builtin groups */
become_root();
/* Have passdb delete the alias */
- ret = pdb_delete_alias(&alias_sid);
+ status = pdb_delete_alias(&alias_sid);
if ( can_add_accounts )
unbecome_root();
/******** END SeAddUsers BLOCK *********/
- if ( !ret )
- return NT_STATUS_ACCESS_DENIED;
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
struct samr_info *info;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
gid_t gid;
NTSTATUS result;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
+ unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
GROUP_MAP map;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
- BOOL ret;
+ bool ret;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
NTSTATUS ret;
- BOOL result;
- BOOL can_mod_accounts;
+ bool result;
+ bool can_mod_accounts;
DISP_INFO *disp_info = NULL;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
switch (ctr->switch_value1) {
case 1:
- unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment));
break;
case 4:
- unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment));
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
struct acct_info info;
ALIAS_INFO_CTR *ctr;
uint32 acc_granted;
- BOOL ret;
- BOOL can_mod_accounts;
+ bool can_mod_accounts;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted, &disp_info))
/* get the current group information */
become_root();
- ret = pdb_get_aliasinfo( &group_sid, &info );
+ status = pdb_get_aliasinfo( &group_sid, &info );
unbecome_root();
- if ( !ret ) {
- return NT_STATUS_NO_SUCH_ALIAS;
- }
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
switch (ctr->level) {
case 2:
{
fstring group_name, acct_name;
- NTSTATUS status;
/* We currently do not support renaming groups in the
the BUILTIN domain. Refer to util_builtin.c to understand
return NT_STATUS_INVALID_PARAMETER;
unistr2_to_ascii( acct_name, ctr->alias.info2.name.string,
- sizeof(acct_name)-1 );
+ sizeof(acct_name));
/* If the name is the same just reply "ok". Yes this
doesn't allow you to change the case of a group name. */
if ( ctr->alias.info3.description.string ) {
unistr2_to_ascii( info.acct_desc,
ctr->alias.info3.description.string,
- sizeof(info.acct_desc)-1 );
+ sizeof(info.acct_desc));
}
else
fstrcpy( info.acct_desc, "" );
if ( can_mod_accounts )
become_root();
- ret = pdb_set_aliasinfo( &group_sid, &info );
+ status = pdb_set_aliasinfo( &group_sid, &info );
if ( can_mod_accounts )
unbecome_root();
/******** End SeAddUsers BLOCK *********/
- if (ret) {
+ if (NT_STATUS_IS_OK(status))
force_flush_samr_cache(disp_info);
- }
- return ret ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
+ return status;
}
/*********************************************************************
size_t sd_size;
NTSTATUS status;
fstring sid_string;
- BOOL ret;
+ bool ret;
SE_PRIV se_rights;
if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted, NULL))
sid_copy(&info_sid, get_global_sam_sid());
sid_append_rid(&info_sid, q_u->rid_group);
- sid_to_string(sid_string, &info_sid);
+ sid_to_fstring(sid_string, &info_sid);
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
DISP_INFO *disp_info = NULL;
sid_copy( &delete_sid, &q_u->sid.sid );
-
+
DEBUG(5,("_samr_remove_sid_foreign_domain: removing SID [%s]\n",
- sid_string_static(&delete_sid)));
-
+ sid_string_dbg(&delete_sid)));
+
/* Find the policy handle. Open a policy on it. */
-
+
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &domain_sid,
&acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
if (!NT_STATUS_IS_OK(result))
return result;
- DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
- sid_string_static(&domain_sid)));
+ DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
+ sid_string_dbg(&domain_sid)));
/* we can only delete a user from a group since we don't have
nested groups anyways. So in the latter case, just say OK */
if (!sid_check_is_builtin(&domain_sid)) {
DEBUG(1,("_samr_remove_sid_foreign_domain: domain_sid = %s, "
"global_sam_sid() = %s\n",
- sid_string_static(&domain_sid),
- sid_string_static(get_global_sam_sid())));
+ sid_string_dbg(&domain_sid),
+ sid_string_dbg(get_global_sam_sid())));
DEBUGADD(1,("please report to samba-technical@samba.org!\n"));
return NT_STATUS_OK;
}
git.samba.org / samba.git / blobdiff