chgpasswd.c: Added comments to #ifdefs
authorJeremy Allison <jra@samba.org>
Thu, 14 May 1998 01:30:40 +0000 (01:30 +0000)
committerJeremy Allison <jra@samba.org>
Thu, 14 May 1998 01:30:40 +0000 (01:30 +0000)
ipc.c: Caused samba password changing not to be done if UNIX password
       changing requested and not successful.
util.c: Added string_to_sid() and sid_to_string() functions.
lib/rpc/client/cli_samr.c:
lib/rpc/include/rpc_misc.h:
lib/rpc/parse/parse_lsa.c:
lib/rpc/parse/parse_misc.c:
lib/rpc/parse/parse_net.c:
lib/rpc/parse/parse_samr.c:
lib/rpc/server/srv_lsa.c:
lib/rpc/server/srv_lsa_hnd.c:
lib/rpc/server/srv_netlog.c:
lib/rpc/server/srv_samr.c:
lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs
around as char *, they are converted to DOM_SID at the earliest
opportunity, and passed around as that. Also added dynamic memory
allocation of group sids. Preparing to auto-generate machine sid.
Jeremy.
(This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)

17 files changed:
source3/include/proto.h
source3/include/rpc_misc.h
source3/lib/util.c
source3/lib/util_hnd.c
source3/lsarpcd/srv_lsa.c
source3/rpc_client/cli_samr.c
source3/rpc_parse/parse_lsa.c
source3/rpc_parse/parse_misc.c
source3/rpc_parse/parse_net.c
source3/rpc_parse/parse_samr.c
source3/rpc_server/srv_lsa.c
source3/rpc_server/srv_lsa_hnd.c
source3/rpc_server/srv_netlog.c
source3/rpc_server/srv_samr.c
source3/rpc_server/srv_util.c
source3/smbd/chgpasswd.c
source3/smbd/ipc.c

index e574861b65e11beaf987cee46daa59df78636bcc..7f7322122ee7b0204207c566a5b0bd893d9484ba 100644 (file)
@@ -297,8 +297,8 @@ void make_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class);
 void lsa_io_q_query(char *desc,  LSA_Q_QUERY_INFO *q_q, prs_struct *ps, int depth);
 void lsa_io_q_enum_trust_dom(char *desc,  LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct *ps, int depth);
 void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
-                               uint32 enum_context, char *domain_name, char *domain_sid,
-                               uint32 status);
+                           uint32 enum_context, char *domain_name, DOM_SID *domain_sid,
+                           uint32 status);
 void lsa_io_r_enum_trust_dom(char *desc,  LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth);
 void make_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
 void lsa_io_q_close(char *desc,  LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
@@ -320,9 +320,8 @@ void smb_io_lookup_level(char *desc, LOOKUP_LEVEL *level, prs_struct *ps, int de
 uint32 get_enum_hnd(ENUM_HND *enh);
 void make_enum_hnd(ENUM_HND *enh, uint32 hnd);
 void smb_io_enum_hnd(char *desc,  ENUM_HND *hnd, prs_struct *ps, int depth);
-void make_dom_sid(DOM_SID *sid, char *str_sid);
 void smb_io_dom_sid(char *desc,  DOM_SID *sid, prs_struct *ps, int depth);
-void make_dom_sid2(DOM_SID2 *sid, char *str_sid);
+void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid);
 void smb_io_dom_sid2(char *desc,  DOM_SID2 *sid, prs_struct *ps, int depth);
 void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer);
 void smb_io_strhdr(char *desc,  STRHDR *hdr, prs_struct *ps, int depth);
@@ -459,7 +458,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr,
        char *logon_srv,
        char *logon_dom,
 
-       char *dom_sid,
+       DOM_SID *dom_sid,
        char *other_sids);
 void net_io_user_info3(char *desc,  NET_USER_INFO_3 *usr, prs_struct *ps, int depth);
 void net_io_q_sam_logon(char *desc,  NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth);
@@ -562,7 +561,7 @@ void make_samr_q_close_hnd(SAMR_Q_CLOSE_HND *q_c, POLICY_HND *hnd);
 void samr_io_q_close_hnd(char *desc,  SAMR_Q_CLOSE_HND *q_u, prs_struct *ps, int depth);
 void samr_io_r_close_hnd(char *desc,  SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int depth);
 void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
-                               POLICY_HND *connect_pol, uint32 rid, char *sid);
+                               POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid);
 void samr_io_q_open_domain(char *desc,  SAMR_Q_OPEN_DOMAIN *q_u, prs_struct *ps, int depth);
 void samr_io_r_open_domain(char *desc,  SAMR_R_OPEN_DOMAIN *r_u, prs_struct *ps, int depth);
 void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
@@ -571,7 +570,7 @@ void samr_io_q_unknown_8(char *desc,  SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int
 void make_samr_q_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
                                POLICY_HND *user_pol, uint16 switch_value);
 void samr_io_q_unknown_3(char *desc,  SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int depth);
-void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid);
+void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr);
 void sam_io_dom_sid3(char *desc,  DOM_SID3 *sid3, prs_struct *ps, int depth);
 void make_sam_sid_stuff(SAM_SID_STUFF *stf,
                                uint16 unknown_2, uint16 unknown_3,
@@ -909,7 +908,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
 
 /*The following definitions come from  lib/rpc/server/srv_util.c  */
 
-int make_dom_gids(char *gids_str, DOM_GID *gids);
+int make_dom_gids(char *gids_str, DOM_GID **ppgids);
 BOOL create_rpc_reply(pipes_struct *p,
                                uint32 data_start, uint32 data_end);
 BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
@@ -2043,8 +2042,6 @@ int struni2(uint16 *p, char *buf);
 char *unistr(char *buf);
 int unistrncpy(char *dst, char *src, int len);
 int unistrcpy(char *dst, char *src);
-void fstrcpy(char *dest, char *src);
-void fstrcat(char *dest, char *src);
 char *safe_strcpy(char *dest, char *src, int maxlength);
 char *safe_strcat(char *dest, char *src, int maxlength);
 char *align4(char *q, char *base);
@@ -2053,7 +2050,8 @@ char *align_offset(char *q, char *base, int align_offset_len);
 void print_asc(int level, unsigned char *buf,int len);
 void dump_data(int level,char *buf1,int len);
 char *tab_depth(int depth);
-char *dom_sid_to_string(DOM_SID *sid);
+char *sid_to_string(pstring sidstr_out, DOM_SID *sid);
+BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
 
 /*The following definitions come from  web/cgi.c  */
 
index c6e0d8d5ee526bd4b465182205fa940828f99ce0..7406916cce93881d0c7fa75ead7f2d808d86678d 100644 (file)
@@ -85,6 +85,10 @@ typedef struct sid_info
   uint8  sid_rev_num;             /* SID revision number */
   uint8  num_auths;               /* number of sub-authorities */
   uint8  id_auth[6];              /* Identifier Authority */
+  /*
+   * Note that the values in these uint32's are in *native* byteorder,
+   * not neccessarily little-endian...... JRA.
+   */
   uint32 sub_auths[MAXSUBAUTHS];  /* pointer to sub-authorities. */
 
 } DOM_SID;
index 1e4a6fc27fc1e78454132c07cfb62dc6a6caec2a..503ee2bf81158d3602dcacbb94d7c522d204bf0d 100644 (file)
@@ -4943,29 +4943,85 @@ char *tab_depth(int depth)
 }
 
 /*****************************************************************
- Convert a domain SID to an ascii string. (non-reentrant).
+ Convert a SID to an ascii string.
 *****************************************************************/
 
-/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
-char *dom_sid_to_string(DOM_SID *sid)
+char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
 {
-  static pstring sidstr;
   char subauth[16];
   int i;
+  /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
   uint32 ia = (sid->id_auth[5]) +
               (sid->id_auth[4] << 8 ) +
               (sid->id_auth[3] << 16) +
               (sid->id_auth[2] << 24);
 
-  slprintf(sidstr, sizeof(sidstr) - 1, "S-%d-%d", sid->sid_rev_num, ia);
+  slprintf(sidstr_out, sizeof(pstring) - 1, "S-%d-%d", sid->sid_rev_num, ia);
 
   for (i = 0; i < sid->num_auths; i++)
   {
     slprintf(subauth, sizeof(subauth)-1, "-%d", sid->sub_auths[i]);
-    pstrcat(sidstr, subauth);
+    pstrcat(sidstr_out, subauth);
   }
 
-  DEBUG(7,("dom_sid_to_string returning %s\n", sidstr));
-  return sidstr;
+  DEBUG(7,("sid_to_string returning %s\n", sidstr_out));
+  return sidstr_out;
 }
 
+/*****************************************************************
+ Convert a string to a SID. Returns True on success, False on fail.
+*****************************************************************/  
+   
+BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
+{
+  pstring tok;
+  char *p = sidstr;
+  /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+  uint32 ia;
+
+  memset((char *)sidout, '\0', sizeof(DOM_SID));
+
+  if(StrnCaseCmp( sidstr, "S-", 2)) {
+    DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
+    return False;
+  }
+
+  p += 2;
+  if(!next_token(&p, tok, "-")) {
+    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    return False;
+  }
+
+  /* Get the revision number. */
+  sidout->sid_rev_num = atoi(tok);
+
+  if(!next_token(&p, tok, "-")) {
+    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    return False;
+  }
+
+  /* identauth in decimal should be <  2^32 */
+  ia = atoi(tok);
+
+  /* NOTE - the ia value is in big-endian format. */
+  sidout->id_auth[0] = 0;
+  sidout->id_auth[1] = 0;
+  sidout->id_auth[2] = (ia & 0xff000000) >> 24;
+  sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
+  sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
+  sidout->id_auth[5] = (ia & 0x000000ff);
+
+  sidout->num_auths = 0;
+
+  while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) {
+    /* 
+     * NOTE - the subauths are in native machine-endian format. They
+     * are converted to little-endian when linearized onto the wire.
+     */
+    sidout->sub_auths[sidout->num_auths++] = atoi(tok);
+  }
+
+  DEBUG(7,("string_to_sid: converted SID %s ok\n", sidstr));
+
+  return True;
+}
index 1d1341d16e3adf47e4c36abceb7a922f9549e920..91844ee8a22e15e80b6ed352a9007cde70a48429 100644 (file)
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status)
 ****************************************************************************/
 BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
 {
-       int pnum = find_lsa_policy_by_hnd(hnd);
+  pstring sidstr;
+  int pnum = find_lsa_policy_by_hnd(hnd);
 
-       if (OPEN_POL(pnum))
-       {
-               DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
-                         timestring(), dom_sid_to_string(sid), pnum));
+  if (OPEN_POL(pnum))
+  {
+    DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
+          timestring(), sid_to_string(sidstr, sid), pnum));
 
-               memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
-               return True;
-       }
-       else
-       {
-               DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
-                         timestring(), dom_sid_to_string(sid), pnum));
-               return False;
-       }
+    memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
+    return True;
+  }
+  else
+  {
+    DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
+          timestring(), sid_to_string(sidstr, sid), pnum));
+    return False;
+  }
 }
 
 /****************************************************************************
index 60b74cf599100d6cad22a23f1d06975e95c52281..df4b95db9edc0e17440f078abea06bf198b96106 100644 (file)
@@ -6,7 +6,8 @@
  *  Copyright (C) Andrew Tridgell              1992-1997,
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
  *  Copyright (C) Paul Ashton                       1997.
- *  
+ *  Copyright (C) Jeremy Allison                    1998.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata)
 /***************************************************************************
 make_dom_query
  ***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
+static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
 {
        int domlen = strlen(dom_name);
 
@@ -73,7 +74,7 @@ lsa_reply_query_info
  ***************************************************************************/
 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
                                prs_struct *rdata,
-                               uint32 enum_context, char *dom_name, char *dom_sid)
+                               uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
 {
        LSA_R_ENUM_TRUST_DOM r_e;
 
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
 lsa_reply_query_info
  ***************************************************************************/
 static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
-                               char *dom_name, char *dom_sid)
+                               char *dom_name, DOM_SID *dom_sid)
 {
        LSA_R_QUERY_INFO r_q;
 
@@ -112,14 +113,10 @@ make_dom_ref
  pretty much hard-coded choice of "other" sids, unfortunately...
 
  ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref,
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
+                         DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        int len_dom_name   = strlen(dom_name);
-       int len_other_sid1 = strlen(other_sid1);
-       int len_other_sid2 = strlen(other_sid2);
-       int len_other_sid3 = strlen(other_sid3);
 
        ref->undoc_buffer = 1;
        ref->num_ref_doms_1 = 4;
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref,
        ref->num_ref_doms_2 = 4;
 
        make_uni_hdr2(&(ref->hdr_dom_name  ), len_dom_name  , len_dom_name  , 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
 
        if (dom_name != NULL)
        {
@@ -148,8 +145,8 @@ make_reply_lookup_rids
  ***************************************************************************/
 static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
                                int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        int i;
 
@@ -232,8 +229,8 @@ lsa_reply_lookup_sids
  ***************************************************************************/
 static void lsa_reply_lookup_sids(prs_struct *rdata,
                                int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        LSA_R_LOOKUP_SIDS r_l;
        DOM_R_REF ref;
@@ -254,8 +251,8 @@ lsa_reply_lookup_rids
  ***************************************************************************/
 static void lsa_reply_lookup_rids(prs_struct *rdata,
                                int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        LSA_R_LOOKUP_RIDS r_l;
 
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data,
 {
        LSA_Q_QUERY_INFO q_i;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
 
        /* grab the info class and policy handle */
        lsa_io_q_query("", &q_i, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+       string_to_sid(&dom_sid, lp_domain_sid());
 
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid);
+       lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid);
 }
 
 /***************************************************************************
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data,
 {
        LSA_Q_LOOKUP_SIDS q_l;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
+       DOM_SID sid_S_1_1;
+       DOM_SID sid_S_1_3;
+       DOM_SID sid_S_1_5;
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_sids("", &q_l, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+
+       string_to_sid(&dom_sid , lp_domain_sid());
+       string_to_sid(&sid_S_1_1, "S-1-1");
+        string_to_sid(&sid_S_1_3, "S-1-3");
+        string_to_sid(&sid_S_1_5, "S-1-5");
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_sids(rdata,
-                   q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
-                               dom_name, dom_sid, /* domain name, domain SID */
-                               "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+                              q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+                              dom_name, &dom_sid, /* domain name, domain SID */
+                              &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
 }
 
 /***************************************************************************
@@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
        int i;
        LSA_Q_LOOKUP_RIDS q_l;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
+       DOM_SID sid_S_1_1;
+       DOM_SID sid_S_1_3;
+       DOM_SID sid_S_1_5;
        uint32 dom_rids[MAX_LOOKUP_SIDS];
        uint32 dummy_g_rid;
 
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
        lsa_io_q_lookup_rids("", &q_l, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+
+       string_to_sid(&dom_sid , lp_domain_sid());
+       string_to_sid(&sid_S_1_1, "S-1-1");
+        string_to_sid(&sid_S_1_3, "S-1-3");
+        string_to_sid(&sid_S_1_5, "S-1-5");
 
        /* convert received RIDs to strings, so we can do them. */
        for (i = 0; i < q_l.num_entries; i++)
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_rids(rdata,
-                   q_l.num_entries, dom_rids, /* text-converted SIDs */
-                               dom_name, dom_sid, /* domain name, domain SID */
-                               "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+                              q_l.num_entries, dom_rids, /* text-converted SIDs */
+                              dom_name, &dom_sid, /* domain name, domain SID */
+                              &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
 }
 
 /***************************************************************************
index 7a04d8ec356d0aa47724f02d7be67a1b60425598..7089cd09fa579dfe22d876f10a95f6fe185e2a36 100644 (file)
@@ -362,7 +362,7 @@ BOOL do_samr_open_user(struct cli_state *cli, int t_idx, uint16 fnum,
 do a SAMR Open Domain
 ****************************************************************************/
 BOOL do_samr_open_domain(struct cli_state *cli, int t_idx, uint16 fnum, 
-                               POLICY_HND *connect_pol, uint32 rid, char *sid,
+                               POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
                                POLICY_HND *domain_pol)
 {
        prs_struct data;
index 202c3b6da397e72b2122e38c527d8d87c23a1ca0..6bd916ed32121d2028dd3d0680e5d2ce7883efa6 100644 (file)
@@ -247,8 +247,8 @@ void lsa_io_q_enum_trust_dom(char *desc,  LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct
 makes an LSA_R_ENUM_TRUST_DOM structure.
 ********************************************************************/
 void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
-                               uint32 enum_context, char *domain_name, char *domain_sid,
-                               uint32 status)
+                           uint32 enum_context, char *domain_name, DOM_SID *domain_sid,
+                           uint32 status)
 {
        if (r_e == NULL) return;
 
index b46bcd9f896beb93b2c1f67b658a238bdffb5d0c..35ca6c9553cdb9237ac968cecc5b902c19b55c43 100644 (file)
@@ -115,61 +115,6 @@ void smb_io_enum_hnd(char *desc,  ENUM_HND *hnd, prs_struct *ps, int depth)
        }
 }
 
-/*******************************************************************
-creates a DOM_SID structure.
-
-BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 
-identauth >= 2^32 can be detected because it will be specified in hex
-
-********************************************************************/
-void make_dom_sid(DOM_SID *sid, char *str_sid)
-{
-       pstring domsid;
-       int identauth;
-       char *p;
-
-       if (sid == NULL) return;
-
-       if (domsid == NULL)
-       {
-               DEBUG(4,("netlogon domain SID: none\n"));
-               sid->sid_rev_num = 0;
-               sid->num_auths = 0;
-               return;
-       }
-               
-       pstrcpy(domsid, str_sid);
-
-       DEBUG(4,("make_dom_sid %d SID:  %s\n", __LINE__, domsid));
-
-       /* assume, but should check, that domsid starts "S-" */
-       p = strtok(domsid+2,"-");
-       sid->sid_rev_num = atoi(p);
-
-       /* identauth in decimal should be <  2^32 */
-       /* identauth in hex     should be >= 2^32 */
-       identauth = atoi(strtok(0,"-"));
-
-       DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
-       DEBUG(4,("netlogon %s ia %d\n", p, identauth));
-
-       sid->id_auth[0] = 0;
-       sid->id_auth[1] = 0;
-       sid->id_auth[2] = (identauth & 0xff000000) >> 24;
-       sid->id_auth[3] = (identauth & 0x00ff0000) >> 16;
-       sid->id_auth[4] = (identauth & 0x0000ff00) >> 8;
-       sid->id_auth[5] = (identauth & 0x000000ff);
-
-       sid->num_auths = 0;
-
-       while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS)
-       {
-               sid->sub_auths[sid->num_auths++] = atoi(p);
-       }
-
-       DEBUG(4,("make_dom_sid: %d SID:  %s\n", __LINE__, domsid));
-}
-
 /*******************************************************************
 reads or writes a DOM_SID structure.
 ********************************************************************/
@@ -203,10 +148,10 @@ void smb_io_dom_sid(char *desc,  DOM_SID *sid, prs_struct *ps, int depth)
 /*******************************************************************
 creates a DOM_SID2 structure.
 ********************************************************************/
-void make_dom_sid2(DOM_SID2 *sid, char *str_sid)
+void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid)
 {
-       make_dom_sid(&(sid->sid), str_sid);
-       sid->num_auths = sid->sid.num_auths;
+        sid2->sid = *sid;
+       sid2->num_auths = sid2->sid.num_auths;
 }
 
 /*******************************************************************
index c74ace8d636bc28c6b32a60ad030aebf4f42fbaa..fd9f7255dead750c14492f3ede55b52b300e74b3 100644 (file)
@@ -560,7 +560,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
 
        for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++) 
        {
-               make_dom_sid2(&sids[count], s2);
+                DOM_SID tmpsid;
+                string_to_sid(&tmpsid, s2);
+               make_dom_sid2(&sids[count], &tmpsid);
        }
 
        return count;
@@ -908,7 +910,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr,
        char *logon_srv,
        char *logon_dom,
 
-       char *dom_sid,
+       DOM_SID *dom_sid,
        char *other_sids)
 {
        /* only cope with one "other" sid, right now. */
index 44248bfc64d383f255da75b306b625019a983540..09c47ab25a5aef88f1db7bd96c74232108d47489 100644 (file)
@@ -78,7 +78,7 @@ void samr_io_r_close_hnd(char *desc,  SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int
 reads or writes a structure.
 ********************************************************************/
 void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
-                               POLICY_HND *connect_pol, uint32 rid, char *sid)
+                               POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid)
 {
        if (q_u == NULL) return;
 
@@ -204,11 +204,11 @@ void samr_io_q_unknown_3(char *desc,  SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int
 
  calculate length by adding up the size of the components.
  ********************************************************************/
-void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid)
+void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr)
 {
        if (sid3 == NULL) return;
 
-       make_dom_sid(&(sid3->sid), sid);
+       string_to_sid(&(sid3->sid), sidstr);
        sid3->len = 2 + 8 + sid3->sid.num_auths * 4;
 }
 
index 60b74cf599100d6cad22a23f1d06975e95c52281..df4b95db9edc0e17440f078abea06bf198b96106 100644 (file)
@@ -6,7 +6,8 @@
  *  Copyright (C) Andrew Tridgell              1992-1997,
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
  *  Copyright (C) Paul Ashton                       1997.
- *  
+ *  Copyright (C) Jeremy Allison                    1998.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata)
 /***************************************************************************
 make_dom_query
  ***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
+static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
 {
        int domlen = strlen(dom_name);
 
@@ -73,7 +74,7 @@ lsa_reply_query_info
  ***************************************************************************/
 static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
                                prs_struct *rdata,
-                               uint32 enum_context, char *dom_name, char *dom_sid)
+                               uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
 {
        LSA_R_ENUM_TRUST_DOM r_e;
 
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
 lsa_reply_query_info
  ***************************************************************************/
 static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
-                               char *dom_name, char *dom_sid)
+                               char *dom_name, DOM_SID *dom_sid)
 {
        LSA_R_QUERY_INFO r_q;
 
@@ -112,14 +113,10 @@ make_dom_ref
  pretty much hard-coded choice of "other" sids, unfortunately...
 
  ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref,
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
+                         DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        int len_dom_name   = strlen(dom_name);
-       int len_other_sid1 = strlen(other_sid1);
-       int len_other_sid2 = strlen(other_sid2);
-       int len_other_sid3 = strlen(other_sid3);
 
        ref->undoc_buffer = 1;
        ref->num_ref_doms_1 = 4;
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref,
        ref->num_ref_doms_2 = 4;
 
        make_uni_hdr2(&(ref->hdr_dom_name  ), len_dom_name  , len_dom_name  , 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0);
-       make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+       make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
 
        if (dom_name != NULL)
        {
@@ -148,8 +145,8 @@ make_reply_lookup_rids
  ***************************************************************************/
 static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
                                int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        int i;
 
@@ -232,8 +229,8 @@ lsa_reply_lookup_sids
  ***************************************************************************/
 static void lsa_reply_lookup_sids(prs_struct *rdata,
                                int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        LSA_R_LOOKUP_SIDS r_l;
        DOM_R_REF ref;
@@ -254,8 +251,8 @@ lsa_reply_lookup_rids
  ***************************************************************************/
 static void lsa_reply_lookup_rids(prs_struct *rdata,
                                int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
-                               char *dom_name, char *dom_sid,
-                               char *other_sid1, char *other_sid2, char *other_sid3)
+                               char *dom_name, DOM_SID *dom_sid,
+                               DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
 {
        LSA_R_LOOKUP_RIDS r_l;
 
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data,
 {
        LSA_Q_QUERY_INFO q_i;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
 
        /* grab the info class and policy handle */
        lsa_io_q_query("", &q_i, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+       string_to_sid(&dom_sid, lp_domain_sid());
 
        /* construct reply.  return status is always 0x0 */
-       lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid);
+       lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid);
 }
 
 /***************************************************************************
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data,
 {
        LSA_Q_LOOKUP_SIDS q_l;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
+       DOM_SID sid_S_1_1;
+       DOM_SID sid_S_1_3;
+       DOM_SID sid_S_1_5;
 
        /* grab the info class and policy handle */
        lsa_io_q_lookup_sids("", &q_l, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+
+       string_to_sid(&dom_sid , lp_domain_sid());
+       string_to_sid(&sid_S_1_1, "S-1-1");
+        string_to_sid(&sid_S_1_3, "S-1-3");
+        string_to_sid(&sid_S_1_5, "S-1-5");
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_sids(rdata,
-                   q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
-                               dom_name, dom_sid, /* domain name, domain SID */
-                               "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+                              q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+                              dom_name, &dom_sid, /* domain name, domain SID */
+                              &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
 }
 
 /***************************************************************************
@@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
        int i;
        LSA_Q_LOOKUP_RIDS q_l;
        pstring dom_name;
-       pstring dom_sid;
+       DOM_SID dom_sid;
+       DOM_SID sid_S_1_1;
+       DOM_SID sid_S_1_3;
+       DOM_SID sid_S_1_5;
        uint32 dom_rids[MAX_LOOKUP_SIDS];
        uint32 dummy_g_rid;
 
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
        lsa_io_q_lookup_rids("", &q_l, data, 0);
 
        pstrcpy(dom_name, lp_workgroup());
-       pstrcpy(dom_sid , lp_domain_sid());
+
+       string_to_sid(&dom_sid , lp_domain_sid());
+       string_to_sid(&sid_S_1_1, "S-1-1");
+        string_to_sid(&sid_S_1_3, "S-1-3");
+        string_to_sid(&sid_S_1_5, "S-1-5");
 
        /* convert received RIDs to strings, so we can do them. */
        for (i = 0; i < q_l.num_entries; i++)
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
 
        /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_rids(rdata,
-                   q_l.num_entries, dom_rids, /* text-converted SIDs */
-                               dom_name, dom_sid, /* domain name, domain SID */
-                               "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+                              q_l.num_entries, dom_rids, /* text-converted SIDs */
+                              dom_name, &dom_sid, /* domain name, domain SID */
+                              &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
 }
 
 /***************************************************************************
index 1d1341d16e3adf47e4c36abceb7a922f9549e920..91844ee8a22e15e80b6ed352a9007cde70a48429 100644 (file)
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status)
 ****************************************************************************/
 BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
 {
-       int pnum = find_lsa_policy_by_hnd(hnd);
+  pstring sidstr;
+  int pnum = find_lsa_policy_by_hnd(hnd);
 
-       if (OPEN_POL(pnum))
-       {
-               DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
-                         timestring(), dom_sid_to_string(sid), pnum));
+  if (OPEN_POL(pnum))
+  {
+    DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
+          timestring(), sid_to_string(sidstr, sid), pnum));
 
-               memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
-               return True;
-       }
-       else
-       {
-               DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
-                         timestring(), dom_sid_to_string(sid), pnum));
-               return False;
-       }
+    memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
+    return True;
+  }
+  else
+  {
+    DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
+          timestring(), sid_to_string(sidstr, sid), pnum));
+    return False;
+  }
 }
 
 /****************************************************************************
index 958f0bf14dfd24fe713a9477111ac0a3cd7289d9..edc2d859df4e0caa7a9d12967b6a5acda688b921 100644 (file)
@@ -6,7 +6,8 @@
  *  Copyright (C) Andrew Tridgell              1992-1997,
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
  *  Copyright (C) Paul Ashton                       1997.
- *  
+ *  Copyright (C) Jeremy Allison                    1998.
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
@@ -563,200 +564,213 @@ static void api_net_sam_logon( int uid,
                                prs_struct *data,
                                prs_struct *rdata)
 {
-       NET_Q_SAM_LOGON q_l;
-       NET_ID_INFO_CTR ctr;    
-       NET_USER_INFO_3 usr_info;
-       uint32 status = 0x0;
-       DOM_CRED srv_cred;
-       struct smb_passwd *smb_pass = NULL;
-       UNISTR2 *uni_samlogon_user = NULL;
-
-       user_struct *vuser = NULL;
-
-       if ((vuser = get_valid_user_struct(uid)) == NULL) return;
-
-       q_l.sam_id.ctr = &ctr;
-
-       net_io_q_sam_logon("", &q_l, data, 0);
-
-       /* checks and updates credentials.  creates reply credentials */
-       if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), 
-                       &(q_l.sam_id.client.cred), &srv_cred))
-       {
-               status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
-       }
-       else
-       {
-               memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
-       }
-
-       /* find the username */
-
-       if (status == 0x0)
-       {
-               switch (q_l.sam_id.logon_level)
-               {
-                       case 1:
-                       {
-                               uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-
-                               DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ",
-                                         lp_workgroup()));
-                               break;
-                       }
-                       case 2:
-                       {
-                               uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-
-                               DEBUG(3,("SAM Logon (Network). Domain:[%s].  ",
-                                         lp_workgroup()));
-                               break;
-                       }
-                       default:
-                       {
-                               DEBUG(2,("SAM Logon: unsupported switch value\n"));
-                               status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
-                               break;
-                       }
-               }
-       }
-
-       /* check username exists */
-
-       if (status == 0x0)
-       {
-               pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
-                                               uni_samlogon_user->uni_str_len));
-
-               DEBUG(3,("User:[%s]\n", samlogon_user));
-
-               become_root(True);
-               smb_pass = getsampwnam(samlogon_user);
-               unbecome_root(True);
-
-               if (smb_pass == NULL)
-               {
-                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
-               }
-       }
-
-       /* validate password. */
-
-       if (status == 0x0)
-       {
-               switch (q_l.sam_id.logon_level)
-               {
-                       case 1:
-                       {
-                               /* interactive login. */
-                               status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
-                                                              smb_pass, vuser);
-                               break;
-                       }
-                       case 2:
-                       {
-                               /* network login.  lm challenge and 24 byte responses */
-                               status = net_login_network(&q_l.sam_id.ctr->auth.id2,
-                                                          smb_pass, vuser);
-                               break;
-                       }
-               }
-       }
+  NET_Q_SAM_LOGON q_l;
+  NET_ID_INFO_CTR ctr; 
+  NET_USER_INFO_3 usr_info;
+  uint32 status = 0x0;
+  DOM_CRED srv_cred;
+  struct smb_passwd *smb_pass = NULL;
+  UNISTR2 *uni_samlogon_user = NULL;
+
+  user_struct *vuser = NULL;
+
+  if ((vuser = get_valid_user_struct(uid)) == NULL)
+    return;
+
+  q_l.sam_id.ctr = &ctr;
+
+  net_io_q_sam_logon("", &q_l, data, 0);
+
+  /* checks and updates credentials.  creates reply credentials */
+  if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), 
+                       &(q_l.sam_id.client.cred), &srv_cred))
+  {
+    status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+  }
+  else
+  {
+    memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
+  }
+
+  /* find the username */
+
+  if (status == 0)
+  {
+    switch (q_l.sam_id.logon_level)
+    {
+      case INTERACTIVE_LOGON_TYPE:
+      {
+        uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
+
+        DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+        break;
+      }
+      case NET_LOGON_TYPE:
+      {
+        uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
+
+        DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+        break;
+      }
+      default:
+      {
+        DEBUG(2,("SAM Logon: unsupported switch value\n"));
+        status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+        break;
+      }
+    } /* end switch */
+  } /* end if status == 0 */
+
+  /* check username exists */
+
+  if (status == 0)
+  {
+    pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
+            uni_samlogon_user->uni_str_len));
+
+    DEBUG(3,("User:[%s]\n", samlogon_user));
+
+    become_root(True);
+    smb_pass = getsampwnam(samlogon_user);
+    unbecome_root(True);
+
+    if (smb_pass == NULL)
+    {
+      status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+    }
+  }
+
+  /* validate password. */
+
+  if (status == 0)
+  {
+    switch (q_l.sam_id.logon_level)
+    {
+      case INTERACTIVE_LOGON_TYPE:
+      {
+        /* interactive login. */
+        status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+        break;
+      }
+      case NET_LOGON_TYPE:
+      {
+        /* network login.  lm challenge and 24 byte responses */
+        status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+        break;
+      }
+    }
+  }
        
-       /* lkclXXXX this is the point at which, if the login was
-          successful, that the SAM Local Security Authority should
-          record that the user is logged in to the domain.
-        */
-
-       /* return the profile plus other bits :-) */
-
-       if (status == 0x0)
-       {
-               DOM_GID gids[LSA_MAX_GROUPS];
-               int num_gids = 0;
-               NTTIME dummy_time;
-               pstring logon_script;
-               pstring profile_path;
-               pstring home_dir;
-               pstring home_drive;
-               pstring my_name;
-               pstring my_workgroup;
-               pstring domain_groups;
-               pstring dom_sid;
-               pstring other_sids;
-               uint32 r_uid;
-               uint32 r_gid;
-
-               /* set up pointer indicating user/password failed to be found */
-               usr_info.ptr_user_info = 0;
-
-               dummy_time.low  = 0xffffffff;
-               dummy_time.high = 0x7fffffff;
-
-               /* XXXX hack to get standard_sub_basic() to use sam logon username */
-               /* possibly a better way would be to do a become_user() call */
-               sam_logon_in_ssb = True;
-
-               pstrcpy(logon_script, lp_logon_script     ());
-               pstrcpy(profile_path, lp_logon_path       ());
-               pstrcpy(dom_sid     , lp_domain_sid       ());
-               pstrcpy(other_sids  , lp_domain_other_sids());
-               pstrcpy(my_workgroup, lp_workgroup        ());
-
-               pstrcpy(home_drive  , lp_logon_drive      ());
-               pstrcpy(home_dir    , lp_logon_home       ());
-
-               pstrcpy(my_name     , global_myname         );
-               strupper(my_name);
-
-               get_domain_user_groups(domain_groups, samlogon_user);
-
-               num_gids = make_dom_gids(domain_groups, gids);
-
-               sam_logon_in_ssb = False;
-
-               if (name_to_rid(samlogon_user, &r_uid, &r_gid))
-               {
-                       make_net_user_info3(&usr_info,
-
-                                  &dummy_time, /* logon_time */
-                                  &dummy_time, /* logoff_time */
-                                  &dummy_time, /* kickoff_time */
-                                  &dummy_time, /* pass_last_set_time */
-                                  &dummy_time, /* pass_can_change_time */
-                                  &dummy_time, /* pass_must_change_time */
-
-                                  samlogon_user   , /* user_name */
-                                  vuser->real_name, /* full_name */
-                                  logon_script    , /* logon_script */
-                                  profile_path    , /* profile_path */
-                                  home_dir        , /* home_dir */
-                                  home_drive      , /* dir_drive */
-
-                                  0, /* logon_count */
-                                  0, /* bad_pw_count */
-
-                                  r_uid   , /* RID user_id */
-                                  r_gid   , /* RID group_id */
-                                  num_gids,    /* uint32 num_groups */
-                                  gids    , /* DOM_GID *gids */
-                                  0x20    , /* uint32 user_flgs (?) */
-
-                                  NULL, /* char sess_key[16] */
-
-                                  my_name     , /* char *logon_srv */
-                                  my_workgroup, /* char *logon_dom */
-
-                                  dom_sid,     /* char *dom_sid */
-                                  other_sids); /* char *other_sids */
-               }
-               else
-               {
-                       status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
-               }
-       }
-
-       net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
+  /* lkclXXXX this is the point at which, if the login was
+     successful, that the SAM Local Security Authority should
+     record that the user is logged in to the domain.
+   */
+
+  /* return the profile plus other bits :-) */
+
+  if (status == 0)
+  {
+    DOM_GID *gids = NULL;
+    int num_gids = 0;
+    NTTIME dummy_time;
+    pstring logon_script;
+    pstring profile_path;
+    pstring home_dir;
+    pstring home_drive;
+    pstring my_name;
+    pstring my_workgroup;
+    pstring domain_groups;
+    DOM_SID dom_sid;
+    char *other_sids;
+    uint32 r_uid;
+    uint32 r_gid;
+
+    /* set up pointer indicating user/password failed to be found */
+    usr_info.ptr_user_info = 0;
+
+    dummy_time.low  = 0xffffffff;
+    dummy_time.high = 0x7fffffff;
+
+    /* XXXX hack to get standard_sub_basic() to use sam logon username */
+    /* possibly a better way would be to do a become_user() call */
+    sam_logon_in_ssb = True;
+
+    pstrcpy(logon_script, lp_logon_script());
+    pstrcpy(profile_path, lp_logon_path());
+    string_to_sid(&dom_sid, lp_domain_sid());
+
+    pstrcpy(other_sids, lp_domain_other_sids());
+    pstrcpy(my_workgroup, lp_workgroup());
+
+    pstrcpy(home_drive, lp_logon_drive());
+    pstrcpy(home_dir, lp_logon_home());
+
+    pstrcpy(my_name, global_myname);
+    strupper(my_name);
+
+    /*
+     * This is the point at which we get the group
+     * database - we should be getting the gid_t list
+     * from /etc/group and then turning the uids into
+     * rids and then into machine sids for this user.
+     * JRA.
+     */
+
+    get_domain_user_groups(domain_groups, samlogon_user);
+
+    /*
+     * make_dom_gids allocates the gids array. JRA.
+     */
+    gids = NULL;
+    num_gids = make_dom_gids(domain_groups, &gids);
+
+    sam_logon_in_ssb = False;
+
+    if (name_to_rid(samlogon_user, &r_uid, &r_gid))
+    {
+      make_net_user_info3(&usr_info,
+                          &dummy_time, /* logon_time */
+                          &dummy_time, /* logoff_time */
+                          &dummy_time, /* kickoff_time */
+                          &dummy_time, /* pass_last_set_time */
+                          &dummy_time, /* pass_can_change_time */
+                          &dummy_time, /* pass_must_change_time */
+
+                          samlogon_user   , /* user_name */
+                          vuser->real_name, /* full_name */
+                          logon_script    , /* logon_script */
+                          profile_path    , /* profile_path */
+                          home_dir        , /* home_dir */
+                          home_drive      , /* dir_drive */
+
+                          0, /* logon_count */
+                          0, /* bad_pw_count */
+
+                          r_uid   , /* RID user_id */
+                          r_gid   , /* RID group_id */
+                          num_gids,    /* uint32 num_groups */
+                          gids    , /* DOM_GID *gids */
+                          0x20    , /* uint32 user_flgs (?) */
+
+                          NULL, /* char sess_key[16] */
+
+                          my_name     , /* char *logon_srv */
+                          my_workgroup, /* char *logon_dom */
+
+                          &dom_sid,     /* DOM_SID *dom_sid */
+                          other_sids); /* char *other_sids */
+    }
+    else
+    {
+      status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+    }
+
+    /* Free any allocated groups array. */
+    if(gids)
+      free((char *)gids);
+  }
+
+  net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
 }
 
 
index 6f834e454a24b8ec5b27de57ca54cce111eb0e0d..8070336f875c7755765ad1f4e1dca9cfbb2c7313 100644 (file)
@@ -1018,7 +1018,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
        uint32 status = 0x0;
 
        struct smb_passwd *smb_pass;
-       DOM_GID gids[LSA_MAX_GROUPS];
+       DOM_GID *gids = NULL;
        int num_groups = 0;
        int pol_idx;
        uint32 rid;
@@ -1053,7 +1053,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
        {
                pstring groups;
                get_domain_user_groups(groups, smb_pass->smb_name);
-               num_groups = make_dom_gids(groups, gids);
+                gids = NULL;
+               num_groups = make_dom_gids(groups, &gids);
        }
 
        /* construct the response.  lkclXXXX: gids are not copied! */
@@ -1062,6 +1063,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
        /* store the response in the SMB stream */
        samr_io_r_query_usergroups("", &r_u, rdata, 0);
 
+        if(gids)
+          free((char *)gids);
        DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
 
 }
index e842e3b9f958d3e0ff0e6e9a0b67f731b56eb8e0..204a9eac8ef21f77363dfb61c9fe2e9517e136f3 100644 (file)
@@ -79,57 +79,74 @@ rid_name domain_group_rids[] =
 };
 
 
-int make_dom_gids(char *gids_str, DOM_GID *gids)
+int make_dom_gids(char *gids_str, DOM_GID **ppgids)
 {
-       char *ptr;
-       pstring s2;
-       int count;
-
-       DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-       if (gids_str == NULL || *gids_str == 0) return 0;
-
-       for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++) 
-       {
-               /* the entries are of the form GID/ATTR, ATTR being optional.*/
-               char *attr;
-               uint32 rid = 0;
-               int i;
-
-               attr = strchr(s2,'/');
-               if (attr) *attr++ = 0;
-               if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
-
-               /* look up the RID string and see if we can turn it into a rid number */
-               for (i = 0; domain_alias_rids[i].name != NULL; i++)
-               {
-                       if (strequal(domain_alias_rids[i].name, s2))
-                       {
-                               rid = domain_alias_rids[i].rid;
-                               break;
-                       }
-               }
-
-               if (rid == 0) rid = atoi(s2);
-
-               if (rid == 0)
-               {
-                       DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
-                                 s2, attr));
-                       count--;
-               }
-               else
-               {
-                       gids[count].g_rid = rid;
-                       gids[count].attr  = atoi(attr);
-
-                       DEBUG(5,("group id: %d attr: %d\n",
-                                 gids[count].g_rid,
-                                 gids[count].attr));
-               }
-       }
-
-       return count;
+  char *ptr;
+  pstring s2;
+  int count;
+  DOM_GID *gids;
+
+  *ppgids = NULL;
+
+  DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+  if (gids_str == NULL || *gids_str == 0)
+    return 0;
+
+  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+    ;
+
+  gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+  if(!gids)
+  {
+    DEBUG(0,("make_dom_gids: malloc fail !\n"));
+    return 0;
+  }
+
+  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && 
+                       count < LSA_MAX_GROUPS; count++) 
+  {
+    /* the entries are of the form GID/ATTR, ATTR being optional.*/
+    char *attr;
+    uint32 rid = 0;
+    int i;
+
+    attr = strchr(s2,'/');
+    if (attr)
+      *attr++ = 0;
+
+    if (!attr || !*attr)
+      attr = "7"; /* default value for attribute is 7 */
+
+    /* look up the RID string and see if we can turn it into a rid number */
+    for (i = 0; domain_alias_rids[i].name != NULL; i++)
+    {
+      if (strequal(domain_alias_rids[i].name, s2))
+      {
+        rid = domain_alias_rids[i].rid;
+        break;
+      }
+    }
+
+    if (rid == 0)
+      rid = atoi(s2);
+
+    if (rid == 0)
+    {
+      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
+      count--;
+    }
+    else
+    {
+      gids[count].g_rid = rid;
+      gids[count].attr  = atoi(attr);
+
+      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
+    }
+  }
+
+  *ppgids = gids;
+  return count;
 }
 
 /*******************************************************************
index d900b54c1fe08a23d1a1e57fbb9e17710a9ccded..ece3107257adf5a3d47d837d03b07542099666d6 100644 (file)
@@ -427,13 +427,13 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
   return(chat_with_program(passwordprogram,name,chatsequence, as_root));
 }
 
-#else
+#else /* ALLOW_CHANGE_PASSWORD */
 BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
 {
   DEBUG(0,("Password changing not compiled in (user=%s)\n",name));
   return(False);
 }
-#endif
+#endif /* ALLOW_CHANGE_PASSWORD */
 
 /***********************************************************
  Code to check the lanman hashed password.
index 7b82894c7f5cb52929c0bf193b153764ef28eb1b..132fdb30ef143ef5ac9def454609a2bb7cfb1925 100644 (file)
@@ -1677,6 +1677,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
   fstring new_passwd;
   struct smb_passwd *sampw = NULL;
   char *p = param + 2;
+  int ret = True;
 
   *rparam_len = 2;
   *rparam = REALLOC(*rparam,*rparam_len);
@@ -1718,9 +1719,9 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
    */
 
   if(lp_unix_password_sync())
-    chgpasswd(user,"", new_passwd, True);
+    ret = chgpasswd(user,"", new_passwd, True);
  
-  if(change_oem_password( sampw, new_passwd, False)) {
+  if(ret && change_oem_password( sampw, new_passwd, False)) {
     SSVAL(*rparam,0,NERR_Success);
   }