#include "lib/ldb/include/ldb_errors.h"
#include "dsdb/common/flags.h"
#include "dsdb/samdb/samdb.h"
-#include "libcli/ldap/ldap.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "libcli/security/security.h"
#include "rpc_server/samr/proto.h"
-#include "db_wrap.h"
+#include "util/util_ldb.h"
+#include "param/param.h"
/* these query macros make samr_Query[User|Group]Info a bit easier to read */
r->out.info->field = samdb_result_uint(msg, attr, 0);
#define QUERY_RID(msg, field, attr) \
r->out.info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0);
-#define QUERY_NTTIME(msg, field, attr) \
- r->out.info->field = samdb_result_nttime(msg, attr, 0);
+#define QUERY_UINT64(msg, field, attr) \
+ r->out.info->field = samdb_result_uint64(msg, attr, 0);
#define QUERY_APASSC(msg, field, attr) \
r->out.info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \
a_state->domain_state->domain_dn, msg, attr);
}
/* make sure the sam database is accessible */
- c_state->sam_ctx = samdb_connect(c_state, dce_call->conn->auth_state.session_info);
+ c_state->sam_ctx = samdb_connect(c_state, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (c_state->sam_ctx == NULL) {
talloc_free(c_state);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
return NT_STATUS_NO_MEMORY;
}
+ d_state->role = lp_server_role(dce_call->conn->dce_ctx->lp_ctx);
d_state->connect_state = talloc_reference(d_state, c_state);
d_state->sam_ctx = c_state->sam_ctx;
d_state->domain_sid = dom_sid_dup(d_state, r->in.sid);
/*
return DomInfo2
*/
-static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
- struct ldb_message **dom_msgs,
- struct samr_DomInfo2 *info)
+static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message **dom_msgs,
+ struct samr_DomInfo2 *info)
{
- enum server_role role = lp_server_role();
-
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
string */
info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
0);
- switch (role) {
+ switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
struct samr_DomInfo7 *info)
{
- enum server_role role = lp_server_role();
-
- switch (role) {
+ switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
/* create the group */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
cn_name[cn_name_len - 1] = '\0';
container = "CN=Computers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS);
} else if (r->in.acct_flags == ACB_SVRTRUST) {
if (cn_name[cn_name_len - 1] != '$') {
cn_name[cn_name_len - 1] = '\0';
container = "OU=Domain Controllers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS);
} else if (r->in.acct_flags == ACB_DOMTRUST) {
container = "CN=Users";
/* Start a transaction, so we can query and do a subsequent atomic modify */
/* create the user */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "groupType", GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
/* create the alias */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
+ DEBUG(1, ("Failed to delete user: %s: %s\n",
+ ldb_dn_get_linearized(a_state->account_dn),
+ ldb_errstring(a_state->sam_ctx)));
return NT_STATUS_UNSUCCESSFUL;
}
QUERY_STRING(msg, info3.logon_script, "scriptPath");
QUERY_STRING(msg, info3.profile_path, "profilePath");
QUERY_STRING(msg, info3.workstations, "userWorkstations");
- QUERY_NTTIME(msg, info3.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info3.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info3.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info3.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info3.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info3.last_password_change, "pwdLastSet");
QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
QUERY_FPASSC(msg, info3.force_password_change, "pwdLastSet");
QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
QUERY_STRING(msg, info5.profile_path, "profilePath");
QUERY_STRING(msg, info5.description, "description");
QUERY_STRING(msg, info5.workstations, "userWorkstations");
- QUERY_NTTIME(msg, info5.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info5.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info5.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info5.last_logoff, "lastLogoff");
QUERY_LHOURS(msg, info5.logon_hours, "logonHours");
QUERY_UINT (msg, info5.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info5.logon_count, "logonCount");
- QUERY_NTTIME(msg, info5.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info5.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info5.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info5.acct_expiry, "accountExpires");
QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl");
break;
break;
case 17:
- QUERY_NTTIME(msg, info17.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info17.acct_expiry, "accountExpires");
+ break;
case 20:
QUERY_STRING(msg, info20.parameters, "userParameters");
break;
case 21:
- QUERY_NTTIME(msg, info21.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info21.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info21.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info21.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info21.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info21.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info21.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info21.acct_expiry, "accountExpires");
QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
QUERY_FPASSC(msg, info21.force_password_change,"pwdLastSet");
QUERY_STRING(msg, info21.account_name, "sAMAccountName");
break;
case 21:
-#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info21.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info21.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
IFSET(SAMR_FIELD_COUNTRY_CODE)
SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
- SET_UINT (msg, info21.code_page, "codePage");
-
-
- /* Any reason the rest of these can't be set? */
+ SET_UINT (msg, info21.code_page, "codePage");
#undef IFSET
break;
case 23:
#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info23.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info23.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
case 25:
#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info25.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info25.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
samdb_result_string(res[i], "description", "");
break;
case 2:
- if (!(samdb_result_acct_flags(res[i],
- "userAccountControl") & ACB_WSTRUST)) {
- /* Domain controllers match the
- * filter, but should not be included
- * in the output */
- continue;
- }
entriesFull[count].idx = count + 1;
entriesFull[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
ZERO_STRUCT(r->out.info);
- sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}