From eadc5b8c6ecdd6892647d391e1976b2c708d1ea0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 21 Oct 1998 22:36:26 +0000 Subject: [PATCH] domain aliases added a bit better: does local aliases if you query for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6) --- source3/include/proto.h | 13 +++--- source3/include/rpc_samr.h | 33 ++++++++-------- source3/lib/util_hnd.c | 23 ++++++++++- source3/lsarpcd/srv_lsa.c | 8 ++-- source3/passdb/passdb.c | 11 +++--- source3/rpc_client/cli_samr.c | 16 ++++---- source3/rpc_parse/parse_samr.c | 50 ++++++++++++----------- source3/rpc_server/srv_lsa.c | 8 ++-- source3/rpc_server/srv_lsa_hnd.c | 23 ++++++++++- source3/rpc_server/srv_netlog.c | 4 +- source3/rpc_server/srv_samr.c | 68 ++++++++++++++++++++------------ source3/rpc_server/srv_util.c | 1 - source3/rpcclient/cmd_samr.c | 2 +- source3/smbd/groupname.c | 6 +-- source3/smbd/server.c | 4 +- 15 files changed, 166 insertions(+), 104 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 11c9f193938..f9c3d8734bb 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1175,7 +1175,7 @@ void pdb_set_last_set_time(char *p, int max_len, time_t t); void pdb_sethexpwd(char *p, char *pwd, uint16 acct_ctrl); BOOL pdb_gethexpwd(char *p, char *pwd); BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); -BOOL pdb_generate_machine_sid(void); +BOOL pdb_generate_sam_sid(void); uid_t pdb_user_rid_to_uid(uint32 user_rid); uint32 pdb_uid_to_user_rid(uid_t uid); uint32 pdb_gid_to_group_rid(gid_t gid); @@ -1283,7 +1283,7 @@ BOOL do_samr_chgpasswd_user(struct cli_state *cli, char nt_newpass[516], uchar nt_oldhash[16], char lm_newpass[516], uchar lm_oldhash[16]); BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name); -BOOL do_samr_unknown_8(struct cli_state *cli, +BOOL do_samr_query_dom_info(struct cli_state *cli, POLICY_HND *domain_pol, uint16 switch_value); BOOL do_samr_enum_dom_users(struct cli_state *cli, POLICY_HND *pol, uint16 num_entries, uint16 unk_0, @@ -1620,15 +1620,15 @@ void samr_io_r_unknown_2c(char *desc, SAMR_R_UNKNOWN_2C *r_u, prs_struct *ps, i void make_samr_q_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, POLICY_HND *user_pol, uint16 switch_value); void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int depth); -void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, +void make_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, POLICY_HND *domain_pol, uint16 switch_value); -void samr_io_q_unknown_8(char *desc, SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int depth); +void samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *ps, int depth); void make_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server); void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth); -void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u, +void make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO *r_u, uint16 switch_value, SAM_UNK_CTR *ctr, uint32 status); -void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int depth); +void samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO *r_u, prs_struct *ps, int depth); void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, DOM_SID *sid); void make_samr_r_unknown_3(SAMR_R_UNKNOWN_3 *r_u, uint16 unknown_2, uint16 unknown_3, @@ -1889,6 +1889,7 @@ int find_lsa_policy_by_hnd(POLICY_HND *hnd); BOOL set_lsa_policy_samr_rid(POLICY_HND *hnd, uint32 rid); BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status); BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid); +BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid); uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd); BOOL set_lsa_policy_reg_name(POLICY_HND *hnd, fstring name); BOOL close_lsa_policy_hnd(POLICY_HND *hnd); diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 2a229196428..d45cb23388f 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -79,7 +79,7 @@ SamrTestPrivateFunctionsUser #define SAMR_CLOSE_HND 0x01 #define SAMR_OPEN_DOMAIN 0x07 -#define SAMR_UNKNOWN_8 0x08 +#define SAMR_QUERY_DOMAIN_INFO 0x08 #define SAMR_LOOKUP_IDS 0x10 #define SAMR_LOOKUP_NAMES 0x11 #define SAMR_UNKNOWN_3 0x03 @@ -338,16 +338,16 @@ typedef struct r_samr_unknown_3_info /**************************************************************************** -SAMR_Q_UNKNOWN_8 - probably a query on domain group info. +SAMR_Q_QUERY_DOMAIN_INFO - probably a query on domain group info. *****************************************************************************/ -/* SAMR_Q_UNKNOWN_8 - */ -typedef struct q_samr_unknown_8_info +/* SAMR_Q_QUERY_DOMAIN_INFO - */ +typedef struct q_samr_query_domain_info { POLICY_HND domain_pol; /* policy handle */ uint16 switch_value; /* 0x0002 */ -} SAMR_Q_UNKNOWN_8; +} SAMR_Q_QUERY_DOMAIN_INFO; typedef struct sam_unkown_info_2_info { @@ -363,16 +363,17 @@ typedef struct sam_unkown_info_2_info pointer is referring to */ - uint32 unknown_4; /* 0x0000 0099 or 0x1000 0000 */ - uint32 unknown_5; /* 0x0000 0000 */ + uint32 seq_num; /* some sort of incrementing sequence number? */ + uint32 unknown_3; /* 0x0000 0000 */ - uint32 unknown_6 ; /* 0x0000 0001 */ - uint32 unknown_7 ; /* 0x0000 0003 */ - uint32 unknown_8 ; /* 0x0000 0001 */ - uint32 unknown_9 ; /* 0x0000 0008 */ - uint32 unknown_10; /* 0x0000 0003 */ + uint32 unknown_4; /* 0x0000 0001 */ + uint32 unknown_5; /* 0x0000 0003 */ + uint32 unknown_6; /* 0x0000 0001 */ + uint32 num_domain_usrs; /* number of users in domain */ + uint32 num_domain_grps; /* number of domain groups in domain */ + uint32 num_local_grps; /* number of local groups in domain */ - uint8 padding[16]; /* 16 bytes zeros */ + uint8 padding[12]; /* 12 bytes zeros */ UNISTR2 uni_domain; /* domain name unicode string */ UNISTR2 uni_server; /* server name unicode string */ @@ -391,8 +392,8 @@ typedef struct sam_unknown_ctr_info } SAM_UNK_CTR; -/* SAMR_R_UNKNOWN_8 - */ -typedef struct r_samr_unknown_8_info +/* SAMR_R_QUERY_DOMAIN_INFO - */ +typedef struct r_samr_query_domain_info { uint32 ptr_0; uint16 switch_value; /* same as in query */ @@ -401,7 +402,7 @@ typedef struct r_samr_unknown_8_info uint32 status; /* return status */ -} SAMR_R_UNKNOWN_8; +} SAMR_R_QUERY_DOMAIN_INFO; /**************************************************************************** diff --git a/source3/lib/util_hnd.c b/source3/lib/util_hnd.c index b1e695360f7..b807c406044 100644 --- a/source3/lib/util_hnd.c +++ b/source3/lib/util_hnd.c @@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) } /**************************************************************************** - set samr rid + get samr sid +****************************************************************************/ +BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) +{ + struct policy *p = find_lsa_policy(hnd); + + if (p != NULL && p->open) + { + pstring sidstr; + memcpy(sid, &p->dev.samr.sid, sizeof(*sid)); + DEBUG(3,("Getting policy sid=%s pnum=%x\n", + sid_to_string(sidstr, sid), p->pnum)); + + return True; + } + + DEBUG(3,("Error getting policy\n")); + return False; +} + +/**************************************************************************** + get samr rid ****************************************************************************/ uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd) { diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index 93584b5acfb..a355f0b311c 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -28,7 +28,7 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /*************************************************************************** lsa_reply_open_policy2 @@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid); + lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); } /*************************************************************************** @@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; @@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 0cd2f6ef2e6..aae59b32f61 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -27,10 +27,11 @@ extern int DEBUGLEVEL; /* * This is set on startup - it defines the SID for this - * machine. + * machine, and therefore the SAM database for which it is + * responsible. */ -DOM_SID global_machine_sid; +DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -805,7 +806,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file) */ fline[sizeof(fline)-1] = '\0'; - if(!string_to_sid( &global_machine_sid, fline)) { + if(!string_to_sid( &global_sam_sid, fline)) { DEBUG(0,("unable to generate machine SID.\n")); return False; } @@ -817,7 +818,7 @@ static BOOL read_sid_from_file(int fd, char *sid_file) Generate the global machine sid. Look for the MACHINE.SID file first, if not found then look in smb.conf and use it to create the MACHINE.SID file. ****************************************************************************/ -BOOL pdb_generate_machine_sid(void) +BOOL pdb_generate_sam_sid(void) { int fd; char *p; @@ -901,7 +902,7 @@ BOOL pdb_generate_machine_sid(void) * Ensure our new SID is valid. */ - if(!string_to_sid( &global_machine_sid, sid_string)) { + if(!string_to_sid( &global_sam_sid, sid_string)) { DEBUG(0,("unable to generate machine SID.\n")); return False; } diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 294317acc2f..50e44f5138d 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -209,13 +209,13 @@ BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name) /**************************************************************************** do a SAMR unknown 0x8 command ****************************************************************************/ -BOOL do_samr_unknown_8(struct cli_state *cli, +BOOL do_samr_query_dom_info(struct cli_state *cli, POLICY_HND *domain_pol, uint16 switch_value) { prs_struct data; prs_struct rdata; - SAMR_Q_UNKNOWN_8 q_e; + SAMR_Q_QUERY_DOMAIN_INFO q_e; BOOL valid_un8 = False; /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */ @@ -228,25 +228,25 @@ BOOL do_samr_unknown_8(struct cli_state *cli, if (domain_pol == NULL) return False; /* store the parameters */ - make_samr_q_unknown_8(&q_e, domain_pol, switch_value); + make_samr_q_query_dom_info(&q_e, domain_pol, switch_value); /* turn parameters into data stream */ - samr_io_q_unknown_8("", &q_e, &data, 0); + samr_io_q_query_dom_info("", &q_e, &data, 0); /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, SAMR_UNKNOWN_8, &data, &rdata)) + if (rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &data, &rdata)) { #if 0 - SAMR_R_UNKNOWN_8 r_e; + SAMR_R_QUERY_DOMAIN_INFO r_e; BOOL p; - samr_io_r_unknown_8("", &r_e, &rdata, 0); + samr_io_r_query_dom_info("", &r_e, &rdata, 0); p = rdata.offset != 0; if (p && r_e.status != 0) { /* report error code */ - DEBUG(0,("SAMR_R_UNKNOWN_8: %s\n", get_nt_error_msg(r_e.status))); + DEBUG(0,("SAMR_R_QUERY_DOMAIN_INFO: %s\n", get_nt_error_msg(r_e.status))); p = False; } diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 416498a1864..f09af387e48 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -228,12 +228,12 @@ void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int /******************************************************************* reads or writes a structure. ********************************************************************/ -void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, +void make_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, POLICY_HND *domain_pol, uint16 switch_value) { if (q_u == NULL) return; - DEBUG(5,("samr_make_q_unknown_8\n")); + DEBUG(5,("samr_make_q_query_dom_info\n")); memcpy(&q_u->domain_pol, domain_pol, sizeof(q_u->domain_pol)); q_u->switch_value = switch_value; @@ -242,11 +242,11 @@ void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, /******************************************************************* reads or writes a structure. ********************************************************************/ -void samr_io_q_unknown_8(char *desc, SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int depth) +void samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *ps, int depth) { if (q_u == NULL) return; - prs_debug(ps, depth, desc, "samr_io_q_unknown_8"); + prs_debug(ps, depth, desc, "samr_io_q_query_dom_info"); depth++; prs_align(ps); @@ -276,16 +276,17 @@ void make_unk_info2(SAM_UNK_INFO_2 *u_2, char *domain, char *server) make_uni_hdr(&(u_2->hdr_domain), len_domain, len_domain, 1); make_uni_hdr(&(u_2->hdr_server), len_server, len_server, 1); - u_2->unknown_4 = 0x10000000; - u_2->unknown_5 = 0x00000000; + u_2->seq_num = 0x10000000; + u_2->unknown_3 = 0x00000000; + u_2->unknown_4 = 0x00000001; + u_2->unknown_5 = 0x00000003; u_2->unknown_6 = 0x00000001; - u_2->unknown_7 = 0x00000003; - u_2->unknown_8 = 0x00000001; - u_2->unknown_9 = 0x00000008; - u_2->unknown_10 = 0x00000003; + u_2->num_domain_usrs = 0x00000008; + u_2->num_domain_grps = 0x00000003; + u_2->num_local_grps = 0x00000003; - memset(u_2->padding, 0, sizeof(u_2->padding)); /* 16 bytes zeros */ + memset(u_2->padding, 0, sizeof(u_2->padding)); /* 12 bytes zeros */ make_unistr2(&u_2->uni_domain, domain, len_domain); make_unistr2(&u_2->uni_server, server, len_server); @@ -313,16 +314,17 @@ void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth pointer is referring to */ - prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4 ); /* 0x0000 0099 or 0x1000 0000 */ - prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5 ); /* 0x0000 0000 */ + prs_uint32("seq_num ", ps, depth, &u_2->seq_num ); /* 0x0000 0099 or 0x1000 0000 */ + prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3 ); /* 0x0000 0000 */ + prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4 ); /* 0x0000 0001 */ + prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5 ); /* 0x0000 0003 */ prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6 ); /* 0x0000 0001 */ - prs_uint32("unknown_7 ", ps, depth, &u_2->unknown_7 ); /* 0x0000 0003 */ - prs_uint32("unknown_8 ", ps, depth, &u_2->unknown_8 ); /* 0x0000 0001 */ - prs_uint32("unknown_9 ", ps, depth, &u_2->unknown_9 ); /* 0x0000 0008 */ - prs_uint32("unknown_10", ps, depth, &u_2->unknown_10); /* 0x0000 0003 */ + prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs ); /* 0x0000 0008 */ + prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps); /* 0x0000 0003 */ + prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps); /* 0x0000 0003 */ - prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); /* 16 bytes zeros */ + prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); /* 12 bytes zeros */ smb_io_unistr2( "uni_domain", &u_2->uni_domain, u_2->hdr_domain.buffer, ps, depth); /* domain name unicode string */ smb_io_unistr2( "uni_server", &u_2->uni_server, u_2->hdr_server.buffer, ps, depth); /* server name unicode string */ @@ -332,15 +334,15 @@ void sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 *u_2, prs_struct *ps, int depth } /******************************************************************* -makes a SAMR_R_UNKNOWN_8 structure. +makes a SAMR_R_QUERY_DOMAIN_INFO structure. ********************************************************************/ -void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u, +void make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO *r_u, uint16 switch_value, SAM_UNK_CTR *ctr, uint32 status) { if (r_u == NULL || ctr == NULL) return; - DEBUG(5,("make_samr_r_unknown_8\n")); + DEBUG(5,("make_samr_r_query_dom_info\n")); r_u->ptr_0 = 0; r_u->switch_value = 0; @@ -357,11 +359,11 @@ void make_samr_r_unknown_8(SAMR_R_UNKNOWN_8 *r_u, /******************************************************************* reads or writes a structure. ********************************************************************/ -void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int depth) +void samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO *r_u, prs_struct *ps, int depth) { if (r_u == NULL) return; - prs_debug(ps, depth, desc, "samr_io_r_unknown_8"); + prs_debug(ps, depth, desc, "samr_io_r_query_dom_info"); depth++; prs_align(ps); @@ -381,7 +383,7 @@ void samr_io_r_unknown_8(char *desc, SAMR_R_UNKNOWN_8 *r_u, prs_struct *ps, int } default: { - DEBUG(3,("samr_io_r_unknown_8: unknown switch level 0x%x\n", + DEBUG(3,("samr_io_r_query_dom_info: unknown switch level 0x%x\n", r_u->switch_value)); return; } diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 93584b5acfb..a355f0b311c 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -28,7 +28,7 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /*************************************************************************** lsa_reply_open_policy2 @@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid); + lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); } /*************************************************************************** @@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; @@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index b1e695360f7..b807c406044 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) } /**************************************************************************** - set samr rid + get samr sid +****************************************************************************/ +BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) +{ + struct policy *p = find_lsa_policy(hnd); + + if (p != NULL && p->open) + { + pstring sidstr; + memcpy(sid, &p->dev.samr.sid, sizeof(*sid)); + DEBUG(3,("Getting policy sid=%s pnum=%x\n", + sid_to_string(sidstr, sid), p->pnum)); + + return True; + } + + DEBUG(3,("Error getting policy\n")); + return False; +} + +/**************************************************************************** + get samr rid ****************************************************************************/ uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd) { diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 79a659faf8d..4228eab3e05 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -32,7 +32,7 @@ extern int DEBUGLEVEL; extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; extern pstring global_myname; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /************************************************************************* make_net_r_req_chal: @@ -790,7 +790,7 @@ static void api_net_sam_logon( uint16 vuid, my_name , /* char *logon_srv */ my_workgroup, /* char *logon_dom */ - &global_machine_sid, /* DOM_SID *dom_sid */ + &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ } else diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 06ed6603b3f..9a37f76121f 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -32,10 +32,11 @@ extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; extern pstring global_myworkgroup; extern pstring global_myname; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; +extern rid_name builtin_alias_rids[]; /******************************************************************* This next function should be replaced with something that @@ -295,7 +296,7 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, DOM_SID user_sid; DOM_SID everyone_sid; - user_sid = global_machine_sid; + user_sid = global_sam_sid; SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); @@ -457,29 +458,44 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES r_e; SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; int num_entries; - BOOL got_aliases; - char *dummy_alias = "admins"; + DOM_SID sid; + fstring sid_str; + fstring sam_sid_str; r_e.status = 0x0; r_e.num_entries = 0; /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) + if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; } - DEBUG(5,("samr_reply_enum_dom_aliases: %d\n", __LINE__)); + sid_to_string(sid_str, &sid); + sid_to_string(sam_sid_str, &global_sam_sid); - got_aliases = True; - num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_alias, strlen(dummy_alias)); - pass[0].user_rid = BUILTIN_ALIAS_RID_ADMINS; + DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - if (r_e.status == 0 && got_aliases) + /* well-known aliases */ + if (strequal(sid_str, "S-1-5-20")) { - make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + char *name; + while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + { + make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); + pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; + num_entries++; + } } + else if (strequal(sid_str, sam_sid_str)) + { + /* local aliases */ + /* oops! there's no code to deal with this */ + DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n")); + num_entries = 0; + } + + make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); /* store the response in the SMB stream */ samr_io_r_enum_dom_aliases("", &r_e, rdata, 0); @@ -1276,12 +1292,12 @@ static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct /******************************************************************* - samr_reply_unknown_8 + samr_reply_query_dom_info ********************************************************************/ -static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, +static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *rdata) { - SAMR_R_UNKNOWN_8 r_u; + SAMR_R_QUERY_DOMAIN_INFO r_u; SAM_UNK_CTR ctr; uint16 switch_value = 0x0; uint32 status = 0x0; @@ -1291,13 +1307,13 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, r_u.ctr = &ctr; - DEBUG(5,("samr_reply_unknown_8: %d\n", __LINE__)); + DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1)) { r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - DEBUG(5,("samr_reply_unknown_8: invalid handle\n")); + DEBUG(5,("samr_reply_query_dom_info: invalid handle\n")); } if (status == 0x0) @@ -1319,27 +1335,27 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, } } - make_samr_r_unknown_8(&r_u, switch_value, &ctr, status); + make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status); /* store the response in the SMB stream */ - samr_io_r_unknown_8("", &r_u, rdata, 0); + samr_io_r_query_dom_info("", &r_u, rdata, 0); - DEBUG(5,("samr_unknown_8: %d\n", __LINE__)); + DEBUG(5,("samr_query_dom_info: %d\n", __LINE__)); } /******************************************************************* - api_samr_unknown_8 + api_samr_query_dom_info ********************************************************************/ -static void api_samr_unknown_8( uint16 vuid, prs_struct *data, prs_struct *rdata) +static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata) { - SAMR_Q_UNKNOWN_8 q_e; + SAMR_Q_QUERY_DOMAIN_INFO q_e; /* grab the samr unknown 8 command */ - samr_io_q_unknown_8("", &q_e, data, 0); + samr_io_q_query_dom_info("", &q_e, data, 0); /* construct reply. */ - samr_reply_unknown_8(&q_e, rdata); + samr_reply_query_dom_info(&q_e, rdata); } @@ -1595,7 +1611,7 @@ static struct api_struct api_samr_cmds [] = { "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names }, { "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user }, { "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo }, - { "SAMR_UNKNOWN_8" , SAMR_UNKNOWN_8 , api_samr_unknown_8 }, + { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info }, { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups }, { "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo }, { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo }, diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 4756d2f338e..b3557c77688 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -42,7 +42,6 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; /* * A list of the rids of well known BUILTIN and Domain users diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index f14c84d6b9b..fa3253edf9c 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -495,7 +495,7 @@ void cmd_sam_query_groups(struct client_info *info) &info->dom.samr_pol_open_domain) : False; /* send a samr 0x8 command */ - res = res ? do_samr_unknown_8(smb_cli, + res = res ? do_samr_query_dom_info(smb_cli, &info->dom.samr_pol_open_domain, switch_value) : False; res = res ? do_samr_close(smb_cli, diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c index 29236e2ca57..4afa9ece88a 100644 --- a/source3/smbd/groupname.c +++ b/source3/smbd/groupname.c @@ -23,7 +23,7 @@ #include "includes.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /************************************************************************** @@ -164,7 +164,7 @@ Error was %s.\n", unixname, strerror(errno) )); * It's not a well known name, convert the UNIX gid_t * to a rid within this domain SID. */ - tmp_sid = global_machine_sid; + tmp_sid = global_sam_sid; tmp_sid.sub_auths[tmp_sid.num_auths++] = pdb_gid_to_group_rid((gid_t)gptr->gr_gid); } @@ -233,7 +233,7 @@ void map_gid_to_sid( gid_t gid, DOM_SID *psid) * If there's no map, convert the UNIX gid_t * to a rid within this domain SID. */ - *psid = global_machine_sid; + *psid = global_sam_sid; psid->sub_auths[psid->num_auths++] = pdb_gid_to_group_rid(gid); return; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 62f2bcea9fd..744320887bf 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -644,8 +644,8 @@ static void usage(char *pname) pstrcpy(global_myworkgroup, lp_workgroup()); - if(!pdb_generate_machine_sid()) { - DEBUG(0,("ERROR: Samba cannot get a machine SID.\n")); + if(!pdb_generate_sam_sid()) { + DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); } -- 2.34.1