#include "lib/ldb/include/ldb_errors.h"
#include "dsdb/common/flags.h"
#include "dsdb/samdb/samdb.h"
-#include "libcli/ldap/ldap.h"
+#include "libcli/ldap/ldap_ndr.h"
#include "libcli/security/security.h"
#include "rpc_server/samr/proto.h"
-#include "db_wrap.h"
+#include "util/util_ldb.h"
+#include "param/param.h"
/* these query macros make samr_Query[User|Group]Info a bit easier to read */
#define QUERY_STRING(msg, field, attr) \
- r->out.info->field = samdb_result_string(msg, attr, "");
+ r->out.info->field.string = samdb_result_string(msg, attr, "");
#define QUERY_UINT(msg, field, attr) \
r->out.info->field = samdb_result_uint(msg, attr, 0);
#define QUERY_RID(msg, field, attr) \
r->out.info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0);
-#define QUERY_NTTIME(msg, field, attr) \
- r->out.info->field = samdb_result_nttime(msg, attr, 0);
+#define QUERY_UINT64(msg, field, attr) \
+ r->out.info->field = samdb_result_uint64(msg, attr, 0);
#define QUERY_APASSC(msg, field, attr) \
r->out.info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \
a_state->domain_state->domain_dn, msg, attr);
/* these are used to make the Set[User|Group]Info code easier to follow */
-#define SET_STRING(mod, field, attr) do { \
- if (r->in.info->field == NULL) return NT_STATUS_INVALID_PARAMETER; \
- if (samdb_msg_add_string(sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
+#define SET_STRING(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
+ if (r->in.info->field.string == NULL) return NT_STATUS_INVALID_PARAMETER; \
+ if (r->in.info->field.string[0] == '\0') { \
+ if (ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, NULL)) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ } \
+ if (ldb_msg_add_string(msg, attr, r->in.info->field.string) != 0) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
} while (0)
-#define SET_UINT(mod, field, attr) do { \
- if (samdb_msg_add_uint(sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
-} while (0)
-
-#define SET_INT64(mod, field, attr) do { \
- if (samdb_msg_add_int64(sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
-} while (0)
-
-#define SET_UINT64(mod, field, attr) do { \
- if (samdb_msg_add_uint64(sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
-} while (0)
-
-#define SET_AFLAGS(msg, field, attr) do { \
+#define SET_UINT(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
+ if (samdb_msg_add_uint(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
+} while (0)
+
+#define SET_INT64(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
+ if (samdb_msg_add_int64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
+} while (0)
+
+#define SET_UINT64(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
+ if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
+} while (0)
+
+#define SET_AFLAGS(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
if (samdb_msg_add_acct_flags(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
-} while (0)
-
-#define SET_LHOURS(msg, field, attr) do { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
+} while (0)
+
+#define SET_LHOURS(msg, field, attr) do { \
+ struct ldb_message_element *set_el; \
if (samdb_msg_add_logon_hours(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != 0) { \
- return NT_STATUS_NO_MEMORY; \
- } \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ set_el = ldb_msg_find_element(msg, attr); \
+ set_el->flags = LDB_FLAG_MOD_REPLACE; \
} while (0)
}
/* make sure the sam database is accessible */
- c_state->sam_ctx = samdb_connect(c_state, dce_call->conn->auth_state.session_info);
+ c_state->sam_ctx = samdb_connect(c_state, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (c_state->sam_ctx == NULL) {
talloc_free(c_state);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
return NT_STATUS_NO_MEMORY;
}
+ d_state->role = lp_server_role(dce_call->conn->dce_ctx->lp_ctx);
d_state->connect_state = talloc_reference(d_state, c_state);
d_state->sam_ctx = c_state->sam_ctx;
d_state->domain_sid = dom_sid_dup(d_state, r->in.sid);
/*
return DomInfo2
*/
-static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
- struct ldb_message **dom_msgs,
- struct samr_DomInfo2 *info)
+static NTSTATUS dcesrv_samr_info_DomInfo2(struct samr_domain_state *state,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message **dom_msgs,
+ struct samr_DomInfo2 *info)
{
- enum server_role role = lp_server_role();
-
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
string */
info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount",
0);
- switch (role) {
+ switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
break;
}
- /* TODO: Should these filter on SID, to avoid counting BUILTIN? */
+ /* No users in BUILTIN, and the LOCAL group types are only in builtin, and the global group type is never in BUILTIN */
info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
"(objectClass=user)");
info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
struct samr_DomInfo7 *info)
{
- enum server_role role = lp_server_role();
-
- switch (role) {
+ switch (state->role) {
case ROLE_DOMAIN_CONTROLLER:
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
SET_UINT64 (msg, info3.force_logoff_time, "forceLogoff");
break;
case 4:
- SET_STRING(msg, info4.comment.string, "comment");
+ SET_STRING(msg, info4.comment, "comment");
break;
case 6:
}
/* modify the samdb record */
- ret = samdb_replace(sam_ctx, mem_ctx, msg);
+ ret = ldb_modify(sam_ctx, msg);
if (ret != 0) {
DEBUG(1,("Failed to modify record %s: %s\n",
ldb_dn_get_linearized(d_state->domain_dn),
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
/* create the group */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
/* This must be one of these values *only* */
if (r->in.acct_flags == ACB_NORMAL) {
- container = "Users";
+ container = "CN=Users";
obj_class = "user";
} else if (r->in.acct_flags == ACB_WSTRUST) {
return NT_STATUS_FOOBAR;
}
cn_name[cn_name_len - 1] = '\0';
- container = "Computers";
+ container = "CN=Computers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS);
} else if (r->in.acct_flags == ACB_SVRTRUST) {
if (cn_name[cn_name_len - 1] != '$') {
return NT_STATUS_FOOBAR;
}
cn_name[cn_name_len - 1] = '\0';
- container = "Domain Controllers";
+ container = "OU=Domain Controllers";
obj_class = "computer";
+ samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS);
} else if (r->in.acct_flags == ACB_DOMTRUST) {
- container = "Users";
+ container = "CN=Users";
obj_class = "user";
} else {
/* add core elements to the ldb_message for the user */
msg->dn = ldb_dn_copy(mem_ctx, d_state->domain_dn);
- if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s,CN=%s", cn_name, container)) {
+ if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s,%s", cn_name, container)) {
ldb_transaction_cancel(d_state->sam_ctx);
return NT_STATUS_FOOBAR;
}
/* Start a transaction, so we can query and do a subsequent atomic modify */
/* create the user */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
- int count, i, first;
+ int count, num_filtered_entries, i, first;
struct samr_SamEntry *entries;
- const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
+ const char * const attrs[] = { "objectSid", "sAMAccountName", "userAccountControl", NULL };
*r->out.resume_handle = 0;
r->out.sam = NULL;
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
+ num_filtered_entries = 0;
for (i=0;i<count;i++) {
- entries[i].idx = samdb_result_rid_from_sid(mem_ctx, res[i], "objectSid", 0);
- entries[i].name.string = samdb_result_string(res[i], "sAMAccountName", "");
+ /* Check if a mask has been requested */
+ if (r->in.acct_flags
+ && ((samdb_result_acct_flags(res[i],
+ "userAccountControl") & r->in.acct_flags) == 0)) {
+ continue;
+ }
+ entries[num_filtered_entries].idx = samdb_result_rid_from_sid(mem_ctx, res[i], "objectSid", 0);
+ entries[num_filtered_entries].name.string = samdb_result_string(res[i], "sAMAccountName", "");
+ num_filtered_entries++;
}
/* sort the results by rid */
- qsort(entries, count, sizeof(struct samr_SamEntry),
+ qsort(entries, num_filtered_entries, sizeof(struct samr_SamEntry),
(comparison_fn_t)compare_SamEntry);
/* find the first entry to return */
for (first=0;
- first<count && entries[first].idx <= *r->in.resume_handle;
+ first<num_filtered_entries && entries[first].idx <= *r->in.resume_handle;
first++) ;
- if (first == count) {
- return NT_STATUS_OK;
- }
-
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
- r->out.num_entries = count - first;
+ r->out.num_entries = num_filtered_entries - first;
r->out.num_entries = MIN(r->out.num_entries,
1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
r->out.sam->entries = entries+first;
r->out.sam->count = r->out.num_entries;
- if (r->out.num_entries < count - first) {
+ if (first == num_filtered_entries) {
+ return NT_STATUS_OK;
+ }
+
+ if (r->out.num_entries < num_filtered_entries - first) {
*r->out.resume_handle = entries[first+r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "groupType", GTYPE_SECURITY_DOMAIN_LOCAL_GROUP);
/* create the alias */
- ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_add(d_state->sam_ctx, msg);
switch (ret) {
case LDB_SUCCESS:
break;
/* Fill in the level */
switch (r->in.level) {
case GROUPINFOALL:
- QUERY_STRING(msg, all.name.string, "sAMAccountName");
+ QUERY_STRING(msg, all.name, "sAMAccountName");
r->out.info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
QUERY_UINT (msg, all.num_members, "numMembers")
- QUERY_STRING(msg, all.description.string, "description");
+ QUERY_STRING(msg, all.description, "description");
break;
case GROUPINFONAME:
- QUERY_STRING(msg, name.string, "sAMAccountName");
+ QUERY_STRING(msg, name, "sAMAccountName");
break;
case GROUPINFOATTRIBUTES:
r->out.info->attributes.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
break;
case GROUPINFODESCRIPTION:
- QUERY_STRING(msg, description.string, "description");
+ QUERY_STRING(msg, description, "description");
break;
case GROUPINFOALL2:
- QUERY_STRING(msg, all2.name.string, "sAMAccountName");
+ QUERY_STRING(msg, all2.name, "sAMAccountName");
r->out.info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */
QUERY_UINT (msg, all2.num_members, "numMembers")
- QUERY_STRING(msg, all2.description.string, "description");
+ QUERY_STRING(msg, all2.description, "description");
break;
default:
r->out.info = NULL;
switch (r->in.level) {
case GROUPINFODESCRIPTION:
- SET_STRING(msg, description.string, "description");
+ SET_STRING(msg, description, "description");
break;
case GROUPINFONAME:
/* On W2k3 this does not change the name, it changes the
* sAMAccountName attribute */
- SET_STRING(msg, name.string, "sAMAccountName");
+ SET_STRING(msg, name, "sAMAccountName");
break;
case GROUPINFOATTRIBUTES:
/* This does not do anything obviously visible in W2k3 LDAP */
}
/* modify the samdb record */
- ret = samdb_replace(g_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_modify(g_state->sam_ctx, msg);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
- ret = samdb_modify(a_state->sam_ctx, mem_ctx, mod);
+ ret = ldb_modify(a_state->sam_ctx, mod);
switch (ret) {
case LDB_SUCCESS:
return NT_STATUS_OK;
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_NO_MEMORY;
}
- ret = samdb_modify(a_state->sam_ctx, mem_ctx, mod);
+ ret = ldb_modify(a_state->sam_ctx, mod);
switch (ret) {
case LDB_SUCCESS:
return NT_STATUS_OK;
switch(r->in.level) {
case ALIASINFOALL:
- QUERY_STRING(msg, all.name.string, "sAMAccountName");
+ QUERY_STRING(msg, all.name, "sAMAccountName");
QUERY_UINT (msg, all.num_members, "numMembers");
- QUERY_STRING(msg, all.description.string, "description");
+ QUERY_STRING(msg, all.description, "description");
break;
case ALIASINFONAME:
- QUERY_STRING(msg, name.string, "sAMAccountName");
+ QUERY_STRING(msg, name, "sAMAccountName");
break;
case ALIASINFODESCRIPTION:
- QUERY_STRING(msg, description.string, "description");
+ QUERY_STRING(msg, description, "description");
break;
default:
r->out.info = NULL;
switch (r->in.level) {
case ALIASINFODESCRIPTION:
- SET_STRING(msg, description.string, "description");
+ SET_STRING(msg, description, "description");
break;
case ALIASINFONAME:
/* On W2k3 this does not change the name, it changes the
* sAMAccountName attribute */
- SET_STRING(msg, name.string, "sAMAccountName");
+ SET_STRING(msg, name, "sAMAccountName");
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
/* modify the samdb record */
- ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_modify(a_state->sam_ctx, msg);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
ldb_dn_alloc_linearized(mem_ctx, memberdn)) != 0)
return NT_STATUS_UNSUCCESSFUL;
- if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
+ if (ldb_modify(a_state->sam_ctx, mod) != 0)
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
- if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
+ if (ldb_modify(a_state->sam_ctx, mod) != 0)
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
a_state = h->data;
- ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
+ ret = ldb_delete(a_state->sam_ctx, a_state->account_dn);
if (ret != 0) {
+ DEBUG(1, ("Failed to delete user: %s: %s\n",
+ ldb_dn_get_linearized(a_state->account_dn),
+ ldb_errstring(a_state->sam_ctx)));
return NT_STATUS_UNSUCCESSFUL;
}
/* fill in the reply */
switch (r->in.level) {
case 1:
- QUERY_STRING(msg, info1.account_name.string, "sAMAccountName");
- QUERY_STRING(msg, info1.full_name.string, "displayName");
+ QUERY_STRING(msg, info1.account_name, "sAMAccountName");
+ QUERY_STRING(msg, info1.full_name, "displayName");
QUERY_UINT (msg, info1.primary_gid, "primaryGroupID");
- QUERY_STRING(msg, info1.description.string, "description");
- QUERY_STRING(msg, info1.comment.string, "comment");
+ QUERY_STRING(msg, info1.description, "description");
+ QUERY_STRING(msg, info1.comment, "comment");
break;
case 2:
- QUERY_STRING(msg, info2.comment.string, "comment");
+ QUERY_STRING(msg, info2.comment, "comment");
QUERY_UINT (msg, info2.country_code, "countryCode");
QUERY_UINT (msg, info2.code_page, "codePage");
break;
case 3:
- QUERY_STRING(msg, info3.account_name.string, "sAMAccountName");
- QUERY_STRING(msg, info3.full_name.string, "displayName");
+ QUERY_STRING(msg, info3.account_name, "sAMAccountName");
+ QUERY_STRING(msg, info3.full_name, "displayName");
QUERY_RID (msg, info3.rid, "objectSid");
QUERY_UINT (msg, info3.primary_gid, "primaryGroupID");
- QUERY_STRING(msg, info3.home_directory.string, "homeDirectory");
- QUERY_STRING(msg, info3.home_drive.string, "homeDrive");
- QUERY_STRING(msg, info3.logon_script.string, "scriptPath");
- QUERY_STRING(msg, info3.profile_path.string, "profilePath");
- QUERY_STRING(msg, info3.workstations.string, "userWorkstations");
- QUERY_NTTIME(msg, info3.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info3.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info3.last_password_change, "pwdLastSet");
+ QUERY_STRING(msg, info3.home_directory, "homeDirectory");
+ QUERY_STRING(msg, info3.home_drive, "homeDrive");
+ QUERY_STRING(msg, info3.logon_script, "scriptPath");
+ QUERY_STRING(msg, info3.profile_path, "profilePath");
+ QUERY_STRING(msg, info3.workstations, "userWorkstations");
+ QUERY_UINT64(msg, info3.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info3.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info3.last_password_change, "pwdLastSet");
QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
QUERY_FPASSC(msg, info3.force_password_change, "pwdLastSet");
QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
break;
case 5:
- QUERY_STRING(msg, info5.account_name.string, "sAMAccountName");
- QUERY_STRING(msg, info5.full_name.string, "displayName");
+ QUERY_STRING(msg, info5.account_name, "sAMAccountName");
+ QUERY_STRING(msg, info5.full_name, "displayName");
QUERY_RID (msg, info5.rid, "objectSid");
QUERY_UINT (msg, info5.primary_gid, "primaryGroupID");
- QUERY_STRING(msg, info5.home_directory.string, "homeDirectory");
- QUERY_STRING(msg, info5.home_drive.string, "homeDrive");
- QUERY_STRING(msg, info5.logon_script.string, "scriptPath");
- QUERY_STRING(msg, info5.profile_path.string, "profilePath");
- QUERY_STRING(msg, info5.description.string, "description");
- QUERY_STRING(msg, info5.workstations.string, "userWorkstations");
- QUERY_NTTIME(msg, info5.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info5.last_logoff, "lastLogoff");
+ QUERY_STRING(msg, info5.home_directory, "homeDirectory");
+ QUERY_STRING(msg, info5.home_drive, "homeDrive");
+ QUERY_STRING(msg, info5.logon_script, "scriptPath");
+ QUERY_STRING(msg, info5.profile_path, "profilePath");
+ QUERY_STRING(msg, info5.description, "description");
+ QUERY_STRING(msg, info5.workstations, "userWorkstations");
+ QUERY_UINT64(msg, info5.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info5.last_logoff, "lastLogoff");
QUERY_LHOURS(msg, info5.logon_hours, "logonHours");
QUERY_UINT (msg, info5.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info5.logon_count, "logonCount");
- QUERY_NTTIME(msg, info5.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info5.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info5.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info5.acct_expiry, "accountExpires");
QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl");
break;
case 6:
- QUERY_STRING(msg, info6.account_name.string, "sAMAccountName");
- QUERY_STRING(msg, info6.full_name.string, "displayName");
+ QUERY_STRING(msg, info6.account_name, "sAMAccountName");
+ QUERY_STRING(msg, info6.full_name, "displayName");
break;
case 7:
- QUERY_STRING(msg, info7.account_name.string, "sAMAccountName");
+ QUERY_STRING(msg, info7.account_name, "sAMAccountName");
break;
case 8:
- QUERY_STRING(msg, info8.full_name.string, "displayName");
+ QUERY_STRING(msg, info8.full_name, "displayName");
break;
case 9:
- QUERY_UINT (msg, info9.primary_gid, "primaryGroupID");
+ QUERY_UINT (msg, info9.primary_gid, "primaryGroupID");
break;
case 10:
- QUERY_STRING(msg, info10.home_directory.string,"homeDirectory");
- QUERY_STRING(msg, info10.home_drive.string, "homeDrive");
+ QUERY_STRING(msg, info10.home_directory,"homeDirectory");
+ QUERY_STRING(msg, info10.home_drive, "homeDrive");
break;
case 11:
- QUERY_STRING(msg, info11.logon_script.string, "scriptPath");
+ QUERY_STRING(msg, info11.logon_script, "scriptPath");
break;
case 12:
- QUERY_STRING(msg, info12.profile_path.string, "profilePath");
+ QUERY_STRING(msg, info12.profile_path, "profilePath");
break;
case 13:
- QUERY_STRING(msg, info13.description.string, "description");
+ QUERY_STRING(msg, info13.description, "description");
break;
case 14:
- QUERY_STRING(msg, info14.workstations.string, "userWorkstations");
+ QUERY_STRING(msg, info14.workstations, "userWorkstations");
break;
case 16:
- QUERY_AFLAGS(msg, info16.acct_flags, "userAccountControl");
+ QUERY_AFLAGS(msg, info16.acct_flags, "userAccountControl");
break;
case 17:
- QUERY_NTTIME(msg, info17.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info17.acct_expiry, "accountExpires");
+ break;
case 20:
- QUERY_STRING(msg, info20.parameters.string, "userParameters");
+ QUERY_STRING(msg, info20.parameters, "userParameters");
break;
case 21:
- QUERY_NTTIME(msg, info21.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info21.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info21.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info21.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info21.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info21.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info21.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info21.acct_expiry, "accountExpires");
QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
QUERY_FPASSC(msg, info21.force_password_change,"pwdLastSet");
- QUERY_STRING(msg, info21.account_name.string, "sAMAccountName");
- QUERY_STRING(msg, info21.full_name.string, "displayName");
- QUERY_STRING(msg, info21.home_directory.string,"homeDirectory");
- QUERY_STRING(msg, info21.home_drive.string, "homeDrive");
- QUERY_STRING(msg, info21.logon_script.string, "scriptPath");
- QUERY_STRING(msg, info21.profile_path.string, "profilePath");
- QUERY_STRING(msg, info21.description.string, "description");
- QUERY_STRING(msg, info21.workstations.string, "userWorkstations");
- QUERY_STRING(msg, info21.comment.string, "comment");
- QUERY_STRING(msg, info21.parameters.string, "userParameters");
+ QUERY_STRING(msg, info21.account_name, "sAMAccountName");
+ QUERY_STRING(msg, info21.full_name, "displayName");
+ QUERY_STRING(msg, info21.home_directory, "homeDirectory");
+ QUERY_STRING(msg, info21.home_drive, "homeDrive");
+ QUERY_STRING(msg, info21.logon_script, "scriptPath");
+ QUERY_STRING(msg, info21.profile_path, "profilePath");
+ QUERY_STRING(msg, info21.description, "description");
+ QUERY_STRING(msg, info21.workstations, "userWorkstations");
+ QUERY_STRING(msg, info21.comment, "comment");
+ QUERY_STRING(msg, info21.parameters, "userParameters");
QUERY_RID (msg, info21.rid, "objectSid");
QUERY_UINT (msg, info21.primary_gid, "primaryGroupID");
QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl");
switch (r->in.level) {
case 2:
- SET_STRING(msg, info2.comment.string, "comment");
- SET_UINT (msg, info2.country_code, "countryCode");
- SET_UINT (msg, info2.code_page, "codePage");
+ SET_STRING(msg, info2.comment, "comment");
+ SET_UINT (msg, info2.country_code, "countryCode");
+ SET_UINT (msg, info2.code_page, "codePage");
break;
case 4:
- SET_LHOURS(msg, info4.logon_hours, "logonHours");
+ SET_LHOURS(msg, info4.logon_hours, "logonHours");
break;
case 6:
- SET_STRING(msg, info6.full_name.string, "displayName");
+ SET_STRING(msg, info6.full_name, "displayName");
break;
case 7:
- SET_STRING(msg, info7.account_name.string, "samAccountName");
+ SET_STRING(msg, info7.account_name, "samAccountName");
break;
case 8:
- SET_STRING(msg, info8.full_name.string, "displayName");
+ SET_STRING(msg, info8.full_name, "displayName");
break;
case 9:
- SET_UINT(msg, info9.primary_gid, "primaryGroupID");
+ SET_UINT(msg, info9.primary_gid, "primaryGroupID");
break;
case 10:
- SET_STRING(msg, info10.home_directory.string, "homeDirectory");
- SET_STRING(msg, info10.home_drive.string, "homeDrive");
+ SET_STRING(msg, info10.home_directory, "homeDirectory");
+ SET_STRING(msg, info10.home_drive, "homeDrive");
break;
case 11:
- SET_STRING(msg, info11.logon_script.string, "scriptPath");
+ SET_STRING(msg, info11.logon_script, "scriptPath");
break;
case 12:
- SET_STRING(msg, info12.profile_path.string, "profilePath");
+ SET_STRING(msg, info12.profile_path, "profilePath");
break;
case 13:
- SET_STRING(msg, info13.description.string, "description");
+ SET_STRING(msg, info13.description, "description");
break;
case 14:
- SET_STRING(msg, info14.workstations.string, "userWorkstations");
+ SET_STRING(msg, info14.workstations, "userWorkstations");
break;
case 16:
- SET_AFLAGS(msg, info16.acct_flags, "userAccountControl");
+ SET_AFLAGS(msg, info16.acct_flags, "userAccountControl");
break;
case 17:
- SET_UINT64(msg, info17.acct_expiry, "accountExpires");
+ SET_UINT64(msg, info17.acct_expiry, "accountExpires");
break;
case 20:
- SET_STRING(msg, info20.parameters.string, "userParameters");
+ SET_STRING(msg, info20.parameters, "userParameters");
break;
case 21:
-#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info21.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
- SET_STRING(msg, info21.account_name.string, "samAccountName");
+ SET_STRING(msg, info21.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
- SET_STRING(msg, info21.full_name.string, "displayName");
+ SET_STRING(msg, info21.full_name, "displayName");
IFSET(SAMR_FIELD_DESCRIPTION)
- SET_STRING(msg, info21.description.string, "description");
+ SET_STRING(msg, info21.description, "description");
IFSET(SAMR_FIELD_COMMENT)
- SET_STRING(msg, info21.comment.string, "comment");
+ SET_STRING(msg, info21.comment, "comment");
IFSET(SAMR_FIELD_LOGON_SCRIPT)
- SET_STRING(msg, info21.logon_script.string, "scriptPath");
+ SET_STRING(msg, info21.logon_script, "scriptPath");
IFSET(SAMR_FIELD_PROFILE_PATH)
- SET_STRING(msg, info21.profile_path.string, "profilePath");
+ SET_STRING(msg, info21.profile_path, "profilePath");
IFSET(SAMR_FIELD_HOME_DIRECTORY)
- SET_STRING(msg, info21.home_directory.string, "homeDirectory");
+ SET_STRING(msg, info21.home_directory, "homeDirectory");
IFSET(SAMR_FIELD_HOME_DRIVE)
- SET_STRING(msg, info21.home_drive.string, "homeDrive");
+ SET_STRING(msg, info21.home_drive, "homeDrive");
IFSET(SAMR_FIELD_WORKSTATIONS)
- SET_STRING(msg, info21.workstations.string, "userWorkstations");
+ SET_STRING(msg, info21.workstations, "userWorkstations");
IFSET(SAMR_FIELD_LOGON_HOURS)
- SET_LHOURS(msg, info21.logon_hours, "logonHours");
+ SET_LHOURS(msg, info21.logon_hours, "logonHours");
IFSET(SAMR_FIELD_ACCT_FLAGS)
- SET_AFLAGS(msg, info21.acct_flags, "userAccountControl");
+ SET_AFLAGS(msg, info21.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
- SET_STRING(msg, info21.parameters.string, "userParameters");
+ SET_STRING(msg, info21.parameters, "userParameters");
IFSET(SAMR_FIELD_COUNTRY_CODE)
- SET_UINT (msg, info21.country_code, "countryCode");
+ SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
- SET_UINT (msg, info21.code_page, "codePage");
-
-
- /* Any reason the rest of these can't be set? */
+ SET_UINT (msg, info21.code_page, "codePage");
#undef IFSET
break;
case 23:
#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info23.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
- SET_STRING(msg, info23.info.account_name.string, "samAccountName");
+ SET_STRING(msg, info23.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
- SET_STRING(msg, info23.info.full_name.string, "displayName");
+ SET_STRING(msg, info23.info.full_name, "displayName");
IFSET(SAMR_FIELD_DESCRIPTION)
- SET_STRING(msg, info23.info.description.string, "description");
+ SET_STRING(msg, info23.info.description, "description");
IFSET(SAMR_FIELD_COMMENT)
- SET_STRING(msg, info23.info.comment.string, "comment");
+ SET_STRING(msg, info23.info.comment, "comment");
IFSET(SAMR_FIELD_LOGON_SCRIPT)
- SET_STRING(msg, info23.info.logon_script.string, "scriptPath");
+ SET_STRING(msg, info23.info.logon_script, "scriptPath");
IFSET(SAMR_FIELD_PROFILE_PATH)
- SET_STRING(msg, info23.info.profile_path.string, "profilePath");
+ SET_STRING(msg, info23.info.profile_path, "profilePath");
IFSET(SAMR_FIELD_WORKSTATIONS)
- SET_STRING(msg, info23.info.workstations.string, "userWorkstations");
+ SET_STRING(msg, info23.info.workstations, "userWorkstations");
IFSET(SAMR_FIELD_LOGON_HOURS)
- SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
+ SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
IFSET(SAMR_FIELD_ACCT_FLAGS)
- SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl");
+ SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
- SET_STRING(msg, info23.info.parameters.string, "userParameters");
+ SET_STRING(msg, info23.info.parameters, "userParameters");
IFSET(SAMR_FIELD_COUNTRY_CODE)
- SET_UINT (msg, info23.info.country_code, "countryCode");
+ SET_UINT (msg, info23.info.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
- SET_UINT (msg, info23.info.code_page, "codePage");
+ SET_UINT (msg, info23.info.code_page, "codePage");
IFSET(SAMR_FIELD_PASSWORD) {
status = samr_set_password(dce_call,
a_state->sam_ctx,
case 25:
#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info25.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
- SET_STRING(msg, info25.info.account_name.string, "samAccountName");
+ SET_STRING(msg, info25.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
- SET_STRING(msg, info25.info.full_name.string, "displayName");
+ SET_STRING(msg, info25.info.full_name, "displayName");
IFSET(SAMR_FIELD_DESCRIPTION)
- SET_STRING(msg, info25.info.description.string, "description");
+ SET_STRING(msg, info25.info.description, "description");
IFSET(SAMR_FIELD_COMMENT)
- SET_STRING(msg, info25.info.comment.string, "comment");
+ SET_STRING(msg, info25.info.comment, "comment");
IFSET(SAMR_FIELD_LOGON_SCRIPT)
- SET_STRING(msg, info25.info.logon_script.string, "scriptPath");
+ SET_STRING(msg, info25.info.logon_script, "scriptPath");
IFSET(SAMR_FIELD_PROFILE_PATH)
- SET_STRING(msg, info25.info.profile_path.string, "profilePath");
+ SET_STRING(msg, info25.info.profile_path, "profilePath");
IFSET(SAMR_FIELD_WORKSTATIONS)
- SET_STRING(msg, info25.info.workstations.string, "userWorkstations");
+ SET_STRING(msg, info25.info.workstations, "userWorkstations");
IFSET(SAMR_FIELD_LOGON_HOURS)
- SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
+ SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
IFSET(SAMR_FIELD_ACCT_FLAGS)
- SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl");
+ SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
- SET_STRING(msg, info25.info.parameters.string, "userParameters");
+ SET_STRING(msg, info25.info.parameters, "userParameters");
IFSET(SAMR_FIELD_COUNTRY_CODE)
- SET_UINT (msg, info25.info.country_code, "countryCode");
+ SET_UINT (msg, info25.info.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
- SET_UINT (msg, info25.info.code_page, "codePage");
+ SET_UINT (msg, info25.info.code_page, "codePage");
IFSET(SAMR_FIELD_PASSWORD) {
status = samr_set_password_ex(dce_call,
a_state->sam_ctx,
}
/* modify the samdb record */
- ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
+ ret = ldb_modify(a_state->sam_ctx, msg);
if (ret != 0) {
DEBUG(1,("Failed to modify record %s: %s\n",
ldb_dn_get_linearized(a_state->account_dn),
struct samr_domain_state *d_state;
struct ldb_message **res;
int ldb_cnt, count, i;
- const char * const attrs[4] = { "objectSid", "sAMAccountName",
- "description", NULL };
+ const char * const attrs[] = { "objectSid", "sAMAccountName", "displayName",
+ "description", "userAccountControl", NULL };
struct samr_DispEntryFull *entriesFull = NULL;
struct samr_DispEntryFullGroup *entriesFullGroup = NULL;
struct samr_DispEntryAscii *entriesAscii = NULL;
entriesFull[count].idx = count + 1;
entriesFull[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
+
+ /* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */
entriesFull[count].acct_flags =
samdb_result_acct_flags(res[i],
- "userAccountControl");
+ "userAccountControl") | ACB_NORMAL;
entriesFull[count].account_name.string =
samdb_result_string(res[i], "sAMAccountName",
"");
"member", memberdn) != 0)
return NT_STATUS_NO_MEMORY;
- if (samdb_modify(d_state->sam_ctx, mem_ctx, mod) != 0)
+ if (ldb_modify(d_state->sam_ctx, mod) != 0)
return NT_STATUS_UNSUCCESSFUL;
talloc_free(mod);
ZERO_STRUCT(r->out.info);
- sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}