-
+#define OLD_NTDOMAIN 1
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
+ * Copyright (C) Hewlett-Packard Company 1999.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-
#include "includes.h"
-#include "nterr.h"
extern int DEBUGLEVEL;
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
-extern fstring global_sam_name;
+extern fstring global_myworkgroup;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_5_20;
extern rid_name domain_group_rids[];
extern rid_name domain_alias_rids[];
if (pw_buf == NULL) return False;
vp = startsmbpwent(False);
- if (!vp)
- {
+ if (!vp) {
DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
return False;
}
- while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries)
- {
+ while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) {
int user_name_len;
- if (start_idx > 0)
- {
+ if (start_idx > 0) {
/* skip the requested number of entries.
not very efficient, but hey...
*/
}
user_name_len = strlen(pwd->smb_name);
- make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
- make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
- user_name_len, 1);
+ init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
+ init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
pw_buf[(*num_entries)].user_rid = pwd->user_rid;
- bzero( pw_buf[(*num_entries)].nt_pwd , 16);
+ memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
/* Now check if the NT compatible password is available. */
- if (pwd->smb_nt_passwd != NULL)
- {
+ if (pwd->smb_nt_passwd != NULL) {
memcpy( pw_buf[(*num_entries)].nt_pwd , pwd->smb_nt_passwd, 16);
}
(*num_entries), pwd->smb_name,
pwd->user_rid, pwd->acct_ctrl));
- if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
- {
+ if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask)) {
DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
(*num_entries)++;
- }
- else
- {
+ } else {
DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
}
return (*num_entries) > 0;
}
+/*******************************************************************
+ This function uses the username map file and tries to map a UNIX
+ user name to an DOS name. (Sort of the reverse of the
+ map_username() function.) Since more than one DOS name can map
+ to the UNIX name, to reverse the mapping you have to specify
+ which corresponding DOS name you want; that's where the name_idx
+ parameter comes in. Returns the string requested or NULL if it
+ fails or can't complete the request for any reason. This doesn't
+ handle group names (starting with '@') or names starting with
+ '+' or '&'. If they are encountered, they are skipped.
+********************************************************************/
+
+static char *unmap_unixname(char *unix_user_name, int name_idx)
+{
+ char *mapfile = lp_username_map();
+ char **lines;
+ static pstring tok;
+ int i;
+
+ if (!*unix_user_name) return NULL;
+ if (!*mapfile) return NULL;
+
+ lines = file_lines_load(mapfile, NULL);
+ if (!lines) {
+ DEBUG(0,("unmap_unixname: can't open username map %s\n", mapfile));
+ return NULL;
+ }
+
+ DEBUG(5,("unmap_unixname: scanning username map %s, index: %d\n", mapfile, name_idx));
+
+ for (i=0; lines[i]; i++) {
+ char *unixname = lines[i];
+ char *dosname = strchr(unixname,'=');
+
+ if (!dosname)
+ continue;
+
+ *dosname++ = 0;
+
+ while (isspace(*unixname))
+ unixname++;
+ if ('!' == *unixname) {
+ unixname++;
+ while (*unixname && isspace(*unixname))
+ unixname++;
+ }
+
+ if (!*unixname || strchr("#;",*unixname))
+ continue;
+
+ if (strncmp(unixname, unix_user_name, strlen(unix_user_name)))
+ continue;
+
+ /* We have matched the UNIX user name */
+
+ while(next_token(&dosname, tok, LIST_SEP, sizeof(tok))) {
+ if (!strchr("@&+", *tok)) {
+ name_idx--;
+ if (name_idx < 0 ) {
+ break;
+ }
+ }
+ }
+
+ if (name_idx >= 0) {
+ DEBUG(0,("unmap_unixname: index too high - not that many DOS names\n"));
+ file_lines_free(lines);
+ return NULL;
+ } else {
+ file_lines_free(lines);
+ return tok;
+ }
+ }
+
+ DEBUG(0,("unmap_unixname: Couldn't find the UNIX user name\n"));
+ file_lines_free(lines);
+ return NULL;
+}
+
+/*******************************************************************
+ This function sets up a list of users taken from the list of
+ users that UNIX knows about, as well as all the user names that
+ Samba maps to a valid UNIX user name. (This should work with
+ /etc/passwd or NIS.)
+********************************************************************/
+
+static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf,
+ int start_idx,
+ int *total_entries, int *num_entries,
+ int max_num_entries,
+ uint16 acb_mask)
+{
+ static struct passwd *pwd = NULL;
+ static uint32 pw_rid;
+ static BOOL orig_done = False;
+ static int current_idx = 0;
+ static int mapped_idx = 0;
+
+ DEBUG(5, ("get_passwd_entries: retrieving a list of UNIX users\n"));
+
+ (*num_entries) = 0;
+ (*total_entries) = 0;
+
+ if (pw_buf == NULL) return False;
+
+ if (current_idx == 0) {
+ setpwent();
+ }
+
+ /* These two cases are inefficient, but should be called very rarely */
+ /* they are the cases where the starting index isn't picking up */
+ /* where we left off last time. It is efficient when it starts over */
+ /* at zero though. */
+ if (start_idx > current_idx) {
+ /* We aren't far enough; advance to start_idx */
+ while (current_idx < start_idx) {
+ char *unmap_name;
+
+ if(!orig_done) {
+ if ((pwd = getpwent()) == NULL) break;
+ current_idx++;
+ orig_done = True;
+ }
+
+ while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) &&
+ (current_idx < start_idx)) {
+ current_idx++;
+ mapped_idx++;
+ }
+
+ if (unmap_name == NULL) {
+ orig_done = False;
+ mapped_idx = 0;
+ }
+ }
+ } else if (start_idx < current_idx) {
+ /* We are already too far; start over and advance to start_idx */
+ endpwent();
+ setpwent();
+ current_idx = 0;
+ mapped_idx = 0;
+ orig_done = False;
+ while (current_idx < start_idx) {
+ char *unmap_name;
+
+ if(!orig_done) {
+ if ((pwd = getpwent()) == NULL) break;
+ current_idx++;
+ orig_done = True;
+ }
+
+ while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) &&
+ (current_idx < start_idx)) {
+ current_idx++;
+ mapped_idx++;
+ }
+
+ if (unmap_name == NULL) {
+ orig_done = False;
+ mapped_idx = 0;
+ }
+ }
+ }
+
+ /* now current_idx == start_idx */
+ while ((*num_entries) < max_num_entries) {
+ int user_name_len;
+ char *unmap_name;
+
+ /* This does the original UNIX user itself */
+ if(!orig_done) {
+ if ((pwd = getpwent()) == NULL) break;
+ user_name_len = strlen(pwd->pw_name);
+ pw_rid = pdb_uid_to_user_rid(pwd->pw_uid);
+ ZERO_STRUCTP(&pw_buf[(*num_entries)]);
+ init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->pw_name, user_name_len);
+ init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
+ pw_buf[(*num_entries)].user_rid = pw_rid;
+ memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
+
+ pw_buf[(*num_entries)].acb_info = ACB_NORMAL;
+
+ DEBUG(5, ("get_passwd_entries: entry idx %d user %s, rid 0x%x\n", (*num_entries), pwd->pw_name, pw_rid));
+
+ (*num_entries)++;
+ (*total_entries)++;
+ current_idx++;
+ orig_done = True;
+ }
+
+ /* This does all the user names that map to the UNIX user */
+ while (((unmap_name = unmap_unixname(pwd->pw_name, mapped_idx)) != NULL) &&
+ (*num_entries < max_num_entries)) {
+ user_name_len = strlen(unmap_name);
+ ZERO_STRUCTP(&pw_buf[(*num_entries)]);
+ init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), unmap_name, user_name_len);
+ init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
+ pw_buf[(*num_entries)].user_rid = pw_rid;
+ memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
+
+ pw_buf[(*num_entries)].acb_info = ACB_NORMAL;
+
+ DEBUG(5, ("get_passwd_entries: entry idx %d user %s, rid 0x%x\n", (*num_entries), pwd->pw_name, pw_rid));
+
+ (*num_entries)++;
+ (*total_entries)++;
+ current_idx++;
+ mapped_idx++;
+ }
+
+ if (unmap_name == NULL) {
+ /* done with 'aliases', go on to next UNIX user */
+ orig_done = False;
+ mapped_idx = 0;
+ }
+ }
+
+ if (pwd == NULL) {
+ /* totally done, reset everything */
+ endpwent();
+ current_idx = 0;
+ mapped_idx = 0;
+ }
+
+ return (*num_entries) > 0;
+}
+
/*******************************************************************
samr_reply_unknown_1
********************************************************************/
-static void samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
+static BOOL samr_reply_close_hnd(SAMR_Q_CLOSE_HND *q_u,
prs_struct *rdata)
{
SAMR_R_CLOSE_HND r_u;
/* set up the SAMR unknown_1 response */
- bzero(r_u.pol.data, POL_HND_SIZE);
+ memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
/* close the policy handle */
if (close_lsa_policy_hnd(&(q_u->pol)))
DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_close_hnd("", &r_u, rdata, 0);
+ if(!samr_io_r_close_hnd("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_close_hnd
********************************************************************/
-static void api_samr_close_hnd( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_close_hnd(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_CLOSE_HND q_u;
/* grab the samr unknown 1 */
- samr_io_q_close_hnd("", &q_u, data, 0);
+ if(!samr_io_q_close_hnd("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_close_hnd(&q_u, rdata);
+ if(!samr_reply_close_hnd(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_open_domain
********************************************************************/
-static void samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
+static BOOL samr_reply_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
prs_struct *rdata)
{
SAMR_R_OPEN_DOMAIN r_u;
DEBUG(5,("samr_open_domain: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_open_domain("", &r_u, rdata, 0);
+ if(!samr_io_r_open_domain("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_open_domain: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_open_domain
********************************************************************/
-static void api_samr_open_domain( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_open_domain(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_OPEN_DOMAIN q_u;
/* grab the samr open */
- samr_io_q_open_domain("", &q_u, data, 0);
+ if(!samr_io_q_open_domain("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_open_domain(&q_u, rdata);
+ if(!samr_reply_open_domain(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_unknown_2c
********************************************************************/
-static void samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u,
+static BOOL samr_reply_unknown_2c(SAMR_Q_UNKNOWN_2C *q_u,
prs_struct *rdata)
{
SAMR_R_UNKNOWN_2C r_u;
status = NT_STATUS_OBJECT_TYPE_MISMATCH;
}
- make_samr_r_unknown_2c(&r_u, status);
+ init_samr_r_unknown_2c(&r_u, status);
DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_unknown_2c("", &r_u, rdata, 0);
+ if(!samr_io_r_unknown_2c("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_unknown_2c: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_unknown_2c
********************************************************************/
-static void api_samr_unknown_2c( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_unknown_2c(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_UNKNOWN_2C q_u;
/* grab the samr open */
- samr_io_q_unknown_2c("", &q_u, data, 0);
+ if(!samr_io_q_unknown_2c("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_unknown_2c(&q_u, rdata);
+ if(!samr_reply_unknown_2c(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_unknown_3
********************************************************************/
-static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
+static BOOL samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
prs_struct *rdata)
{
SAMR_R_UNKNOWN_3 r_u;
if (status == 0x0)
{
- DOM_SID usr_sid;
+ DOM_SID user_sid;
+ DOM_SID everyone_sid;
- usr_sid = global_sam_sid;
+ user_sid = global_sam_sid;
- SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
+ SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
/*
* Add the user RID.
*/
- sid_append_rid(&usr_sid, rid);
+ user_sid.sub_auths[user_sid.num_auths++] = rid;
- /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
- /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
- make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
- make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
+ string_to_sid(&everyone_sid, "S-1-1");
+
+ /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
+ /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
+ init_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid);
+ init_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid);
}
- make_samr_r_unknown_3(&r_u,
+ init_samr_r_unknown_3(&r_u,
0x0001, 0x8004,
0x00000014, 0x0002, 0x0070,
2, sid, status);
DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_unknown_3("", &r_u, rdata, 0);
+ if(!samr_io_r_unknown_3("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_unknown_3: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_unknown_3
********************************************************************/
-static void api_samr_unknown_3( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_unknown_3(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_UNKNOWN_3 q_u;
/* grab the samr open */
- samr_io_q_unknown_3("", &q_u, data, 0);
+ if(!samr_io_q_unknown_3("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_unknown_3(&q_u, rdata);
+ if(!samr_reply_unknown_3(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_enum_dom_users
********************************************************************/
-static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
+static BOOL samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
prs_struct *rdata)
{
SAMR_R_ENUM_DOM_USERS r_e;
get_sampwd_entries(pass, 0, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
unbecome_root(True);
- make_samr_r_enum_dom_users(&r_e, total_entries,
+ init_samr_r_enum_dom_users(&r_e, total_entries,
q_u->unknown_0, num_entries,
pass, r_e.status);
/* store the response in the SMB stream */
- samr_io_r_enum_dom_users("", &r_e, rdata, 0);
+ if(!samr_io_r_enum_dom_users("", &r_e, rdata, 0))
+ return False;
DEBUG(5,("samr_enum_dom_users: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_enum_dom_users
********************************************************************/
-static void api_samr_enum_dom_users( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_enum_dom_users(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_ENUM_DOM_USERS q_e;
/* grab the samr open */
- samr_io_q_enum_dom_users("", &q_e, data, 0);
+ if(!samr_io_q_enum_dom_users("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_enum_dom_users(&q_e, rdata);
-}
+ if(!samr_reply_enum_dom_users(&q_e, rdata))
+ return False;
+ return True;
+}
/*******************************************************************
samr_reply_enum_dom_groups
********************************************************************/
-static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
+static BOOL samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
prs_struct *rdata)
{
SAMR_R_ENUM_DOM_GROUPS r_e;
- DOMAIN_GRP *grps = NULL;
- int num_entries = 0;
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
+ int num_entries;
BOOL got_grps;
- DOM_SID sid;
- fstring sid_str;
+ char *dummy_group = "Domain Admins";
r_e.status = 0x0;
r_e.num_entries = 0;
/* find the policy handle. open a policy on it. */
- if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
+ if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
{
r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
}
- sid_to_string(sid_str, &sid);
-
- DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
-
- /* well-known groups */
- if (sid_equal(&sid, &global_sid_S_1_5_20))
- {
- char *name;
- got_grps = True;
-
- while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
- {
- DOMAIN_GRP tmp_grp;
-
- fstrcpy(tmp_grp.name , name);
- fstrcpy(tmp_grp.comment, "");
- tmp_grp.rid = domain_group_rids[num_entries].rid;
- tmp_grp.attr = 0x7;
-
- if (!add_domain_group(&grps, &num_entries, &tmp_grp))
- {
- r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
- break;
- }
- }
- }
- else if (sid_equal(&sid, &global_sam_sid))
- {
- BOOL ret;
- char *name;
- got_grps = True;
-
- while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
- {
- DOMAIN_GRP tmp_grp;
-
- fstrcpy(tmp_grp.name , name);
- fstrcpy(tmp_grp.comment, "");
- tmp_grp.rid = domain_group_rids[num_entries].rid;
- tmp_grp.attr = 0x7;
+ DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
- if (!add_domain_group(&grps, &num_entries, &tmp_grp))
- {
- r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
- break;
- }
- }
-
- become_root(True);
- ret = enumdomgroups(&grps, &num_entries);
- unbecome_root(True);
- if (!ret)
- {
- r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
- }
- }
+ got_grps = True;
+ num_entries = 1;
+ ZERO_STRUCTP(&pass[0]);
+ init_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
+ pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
if (r_e.status == 0 && got_grps)
{
- make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status);
+ init_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status);
}
/* store the response in the SMB stream */
- samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
-
- if (grps != NULL)
- {
- free(grps);
- }
+ if(!samr_io_r_enum_dom_groups("", &r_e, rdata, 0))
+ return False;
DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+
+ return True;
}
/*******************************************************************
api_samr_enum_dom_groups
********************************************************************/
-static void api_samr_enum_dom_groups( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_enum_dom_groups(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_ENUM_DOM_GROUPS q_e;
/* grab the samr open */
- samr_io_q_enum_dom_groups("", &q_e, data, 0);
+ if(!samr_io_q_enum_dom_groups("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_enum_dom_groups(&q_e, rdata);
-}
+ if(!samr_reply_enum_dom_groups(&q_e, rdata))
+ return False;
+ return True;
+}
/*******************************************************************
samr_reply_enum_dom_aliases
********************************************************************/
-static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
+static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
prs_struct *rdata)
{
SAMR_R_ENUM_DOM_ALIASES r_e;
- LOCAL_GRP *alss = NULL;
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
int num_entries = 0;
DOM_SID sid;
fstring sid_str;
+ fstring sam_sid_str;
+ struct group *grp;
r_e.status = 0x0;
r_e.num_entries = 0;
}
sid_to_string(sid_str, &sid);
+ sid_to_string(sam_sid_str, &global_sam_sid);
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
/* well-known aliases */
- if (sid_equal(&sid, &global_sid_S_1_5_20))
+ if (strequal(sid_str, "S-1-5-32"))
{
char *name;
-
- while ((name = builtin_alias_rids[num_entries].name) != NULL)
+ while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
{
- LOCAL_GRP tmp_als;
-
- fstrcpy(tmp_als.name , name);
- fstrcpy(tmp_als.comment, "");
- tmp_als.rid = builtin_alias_rids[num_entries].rid;
-
- if (!add_domain_alias(&alss, &num_entries, &tmp_als))
- {
- r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
- break;
- }
+ init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+ pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
+ num_entries++;
}
}
- else if (sid_equal(&sid, &global_sam_sid))
+ else if (strequal(sid_str, sam_sid_str))
{
- BOOL ret;
+ char *name;
/* local aliases */
- num_entries = 0;
+ /* we return the UNIX groups here. This seems to be the right */
+ /* thing to do, since NT member servers return their local */
+ /* groups in the same situation. */
+ setgrent();
- become_root(True);
- ret = enumdomaliases(&alss, &num_entries);
- unbecome_root(True);
- if (!ret)
+ while (num_entries < MAX_SAM_ENTRIES && ((grp = getgrent()) != NULL))
{
- r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ name = grp->gr_name;
+ init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
+ pass[num_entries].user_rid = pdb_gid_to_group_rid(grp->gr_gid);
+ num_entries++;
}
+
+ endgrent();
}
- if (r_e.status == 0x0)
- {
- make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status);
- }
+ init_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
/* store the response in the SMB stream */
- samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
-
- if (alss != NULL)
- {
- free(alss);
- }
+ if(!samr_io_r_enum_dom_aliases("", &r_e, rdata, 0))
+ return False;
DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_enum_dom_aliases
********************************************************************/
-static void api_samr_enum_dom_aliases( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_enum_dom_aliases(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_ENUM_DOM_ALIASES q_e;
/* grab the samr open */
- samr_io_q_enum_dom_aliases("", &q_e, data, 0);
+ if(!samr_io_q_enum_dom_aliases("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_enum_dom_aliases(&q_e, rdata);
+ if(!samr_reply_enum_dom_aliases(&q_e, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_query_dispinfo
********************************************************************/
-static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u, prs_struct *rdata)
{
SAMR_R_QUERY_DISPINFO r_e;
SAM_INFO_CTR ctr;
if (r_e.status == 0x0)
{
+ /* decide how many entries to get depending on the max_entries
+ and max_size passed by client */
+ uint32 retsize;
+
+ if(q_u->max_entries > MAX_SAM_ENTRIES)
+ q_u->max_entries = MAX_SAM_ENTRIES;
+
+ retsize = (q_u->max_entries * (sizeof(SAM_ENTRY1)+sizeof(SAM_STR1)))
+ + 3*sizeof(uint32);
+
+ if(retsize > q_u->max_size)
+ {
+ /* determine max_entries based on max_size */
+ q_u->max_entries = (q_u->max_size - 3*sizeof(uint32)) /
+ (sizeof(SAM_ENTRY1)+sizeof(SAM_STR1));
+ q_u->max_entries = (q_u->max_entries>0?q_u->max_entries:1);
+ }
+
+ DEBUG(10,("samr_reply_query_dispinfo: Setting q_u->max_entries to %u\n",q_u->max_entries));
+
become_root(True);
- got_pwds = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
+ got_pwds = get_passwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, q_u->max_entries, 0);
unbecome_root(True);
+ /* more left - set resume handle */
+ if(total_entries > num_entries)
+ {
+ r_e.status = 0x105;
+ }
+
switch (q_u->switch_level)
{
case 0x1:
/* query disp info is for users */
switch_level = 0x1;
- make_sam_info_1(&info1, ACB_NORMAL,
+ init_sam_info_1(&info1, ACB_NORMAL,
q_u->start_idx, num_entries, pass);
ctr.sam.info1 = &info1;
{
/* query disp info is for servers */
switch_level = 0x2;
- make_sam_info_2(&info2, ACB_WSTRUST,
+ init_sam_info_2(&info2, ACB_WSTRUST,
q_u->start_idx, num_entries, pass);
ctr.sam.info2 = &info2;
}
}
- if (r_e.status == 0 && got_pwds)
+ /* more left - set resume handle */
+ if(total_entries > num_entries)
+ {
+ r_e.status = 0x105;
+ }
+
+ if (r_e.status == 0 || r_e.status == 0x105)
{
- make_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status);
+ init_samr_r_query_dispinfo(&r_e, switch_level, &ctr, r_e.status);
}
/* store the response in the SMB stream */
- samr_io_r_query_dispinfo("", &r_e, rdata, 0);
+ if(!samr_io_r_query_dispinfo("", &r_e, rdata, 0))
+ return False;
DEBUG(5,("samr_query_dispinfo: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_query_dispinfo
********************************************************************/
-static void api_samr_query_dispinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_query_dispinfo(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_QUERY_DISPINFO q_e;
/* grab the samr open */
- samr_io_q_query_dispinfo("", &q_e, data, 0);
+ if(!samr_io_q_query_dispinfo("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_query_dispinfo(&q_e, rdata);
+ if(!samr_reply_query_dispinfo(&q_e, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_query_aliasinfo
********************************************************************/
-static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
+static BOOL samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
prs_struct *rdata)
{
- SAMR_R_QUERY_ALIASINFO r_e;
-
- r_e.status = 0x0;
- r_e.ptr = 0;
-
- /* find the policy handle. open a policy on it. */
- if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
- {
- r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
- }
-
- DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
-
- if (r_e.status == 0x0)
- {
- if (q_u->switch_level != 3)
- {
- r_e.status = NT_STATUS_INVALID_INFO_CLASS;
- }
- }
-
- make_samr_r_query_aliasinfo(&r_e, q_u->switch_level,
- "<account description>",
- r_e.status);
-
- /* store the response in the SMB stream */
- samr_io_r_query_aliasinfo("", &r_e, rdata, 0);
-
- DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
+ SAMR_R_QUERY_ALIASINFO r_e;
+ fstring alias_desc = "Local Unix group";
+ fstring alias="";
+ uint8 type;
+ uint32 alias_rid;
+
+ ZERO_STRUCT(r_e);
+
+ DEBUG(5,("samr_reply_query_aliasinfo: %d\n", __LINE__));
+
+ /* find the policy handle. open a policy on it. */
+ if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+
+ alias_rid = get_lsa_policy_samr_rid(&q_u->pol);
+ if(alias_rid == 0xffffffff)
+ r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
+
+ if(!lookup_local_rid(alias_rid, alias, &type))
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ init_samr_r_query_aliasinfo(&r_e, q_u->switch_level, alias, alias_desc);
+
+ /* store the response in the SMB stream */
+ if(!samr_io_r_query_aliasinfo("", &r_e, rdata, 0))
+ return False;
+
+ DEBUG(5,("samr_query_aliasinfo: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_query_aliasinfo
********************************************************************/
-static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_query_aliasinfo(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_QUERY_ALIASINFO q_e;
/* grab the samr open */
- samr_io_q_query_aliasinfo("", &q_e, data, 0);
+ if(!samr_io_q_query_aliasinfo("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_query_aliasinfo(&q_e, rdata);
+ if(!samr_reply_query_aliasinfo(&q_e, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_lookup_ids
********************************************************************/
-static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
+static BOOL samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
prs_struct *rdata)
{
uint32 rid[MAX_SAM_ENTRIES];
uint32 status = 0;
- int num_rids = 0;
- int i;
- struct sam_passwd *sam_pass;
- DOM_SID usr_sid;
- DOM_SID dom_sid;
- uint32 user_rid;
- fstring sam_sid_str;
- fstring dom_sid_str;
- fstring usr_sid_str;
+ int num_rids = q_u->num_sids1;
SAMR_R_LOOKUP_IDS r_u;
DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
- /* find the policy handle. open a policy on it. */
- if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
- {
- status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
- }
- else
- {
- sid_to_string(dom_sid_str, &dom_sid );
- sid_to_string(sam_sid_str, &global_sam_sid);
- }
-
if (num_rids > MAX_SAM_ENTRIES)
{
num_rids = MAX_SAM_ENTRIES;
DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids));
}
- if (status == 0x0)
+#if 0
+ int i;
+ SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
+
+ for (i = 0; i < num_rids && status == 0; i++)
{
- usr_sid = q_u->sid[0].sid;
- sid_split_rid(&usr_sid, &user_rid);
- sid_to_string(usr_sid_str, &usr_sid);
+ struct sam_passwd *sam_pass;
+ fstring user_name;
- }
- if (status == 0x0)
- {
+ fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer,
+ q_u->uni_user_name[i].uni_str_len));
+
/* find the user account */
become_root(True);
- sam_pass = getsam21pwrid(user_rid);
+ sam_pass = get_smb21pwd_entry(user_name, 0);
unbecome_root(True);
if (sam_pass == NULL)
{
status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- num_rids = 0;
- }
- }
-
- if (status == 0x0)
- {
- if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
- {
- DEBUG(5,("lookup on S-1-5-20\n"));
- }
- else if (sid_equal(&dom_sid, &usr_sid))
- {
- DOMAIN_GRP *mem_grp = NULL;
-
- DEBUG(5,("lookup on Domain SID\n"));
-
- become_root(True);
- getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids);
- unbecome_root(True);
-
- num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
-
- if (mem_grp != NULL)
- {
- for (i = 0; i < num_rids; i++)
- {
- rid[i] = mem_grp[i].rid;
- }
- free(mem_grp);
- }
+ rid[i] = 0;
}
else
{
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ rid[i] = sam_pass->user_rid;
}
}
+#endif
+
+ num_rids = 1;
+ rid[0] = BUILTIN_ALIAS_RID_USERS;
- make_samr_r_lookup_ids(&r_u, num_rids, rid, status);
+ init_samr_r_lookup_ids(&r_u, num_rids, rid, status);
/* store the response in the SMB stream */
- samr_io_r_lookup_ids("", &r_u, rdata, 0);
+ if(!samr_io_r_lookup_ids("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_lookup_ids
********************************************************************/
-static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_lookup_ids(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_LOOKUP_IDS q_u;
/* grab the samr 0x10 */
- samr_io_q_lookup_ids("", &q_u, data, 0);
+ if(!samr_io_q_lookup_ids("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_lookup_ids(&q_u, rdata);
+ if(!samr_reply_lookup_ids(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_lookup_names
********************************************************************/
-static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
- prs_struct *rdata)
+
+static BOOL samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
+ prs_struct *rdata)
{
- uint32 rid [MAX_SAM_ENTRIES];
- uint8 type[MAX_SAM_ENTRIES];
- uint32 status = 0;
- int i;
- int num_rids = q_u->num_rids1;
+ uint32 rid[MAX_SAM_ENTRIES];
+ uint8 type[MAX_SAM_ENTRIES];
+ uint32 status = 0;
+ int i;
+ int num_rids = q_u->num_names1;
+ DOM_SID pol_sid;
- SAMR_R_LOOKUP_NAMES r_u;
+ SAMR_R_LOOKUP_NAMES r_u;
- DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
+ DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
- if (num_rids > MAX_SAM_ENTRIES)
- {
- num_rids = MAX_SAM_ENTRIES;
- DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
- }
+ ZERO_ARRAY(rid);
+ ZERO_ARRAY(type);
- SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
+ if (!get_lsa_policy_samr_sid(&q_u->pol, &pol_sid)) {
+ status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
+ init_samr_r_lookup_names(&r_u, 0, rid, type, status);
+ if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
+ DEBUG(0,("samr_reply_lookup_names: failed to marshall SAMR_R_LOOKUP_NAMES.\n"));
+ return False;
+ }
+ return True;
+ }
- for (i = 0; i < num_rids && status == 0; i++)
- {
- fstring name;
- fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len));
+ if (num_rids > MAX_SAM_ENTRIES) {
+ num_rids = MAX_SAM_ENTRIES;
+ DEBUG(5,("samr_lookup_names: truncating entries to %d\n", num_rids));
+ }
+
+ SMB_ASSERT_ARRAY(q_u->uni_name, num_rids);
+
+ for (i = 0; i < num_rids; i++) {
+ fstring name;
+
+ status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
- status = lookup_rid(name, &(rid[i]), &(type[i]));
+ rid [i] = 0xffffffff;
+ type[i] = SID_NAME_UNKNOWN;
+
+ fstrcpy(name, dos_unistrn2(q_u->uni_name[i].buffer,
+ q_u->uni_name[i].uni_str_len));
+
+ if(sid_equal(&pol_sid, &global_sam_sid))
+ {
+ DOM_SID sid;
+ if(lookup_local_name(global_myname, name,
+ &sid, &type[i]))
+ {
+ sid_split_rid( &sid, &rid[i]);
+ status = 0;
}
+ }
+ }
- make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
+ init_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
- /* store the response in the SMB stream */
- samr_io_r_lookup_names("", &r_u, rdata, 0);
+ /* store the response in the SMB stream */
+ if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
+ DEBUG(0,("samr_reply_lookup_names: failed to marshall SAMR_R_LOOKUP_NAMES.\n"));
+ return False;
+ }
- DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
+ DEBUG(5,("samr_lookup_names: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_lookup_names
********************************************************************/
-static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata)
+
+static BOOL api_samr_lookup_names(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_LOOKUP_NAMES q_u;
+ memset(&q_u, '\0', sizeof(q_u));
+
/* grab the samr lookup names */
- samr_io_q_lookup_names("", &q_u, data, 0);
+ if(!samr_io_q_lookup_names("", &q_u, data, 0)) {
+ DEBUG(0,("api_samr_lookup_names: failed to unmarshall SAMR_Q_LOOKUP_NAMES.\n"));
+ return False;
+ }
/* construct reply. always indicate success */
- samr_reply_lookup_names(&q_u, rdata);
+ if(!samr_reply_lookup_names(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_chgpasswd_user
********************************************************************/
-static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
+
+static BOOL samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
prs_struct *rdata)
{
SAMR_R_CHGPASSWD_USER r_u;
fstring user_name;
fstring wks;
- fstrcpy(user_name, unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len));
- fstrcpy(wks , unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len));
+ fstrcpy(user_name, dos_unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len));
+ fstrcpy(wks , dos_unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len));
DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
}
- make_samr_r_chgpasswd_user(&r_u, status);
+ init_samr_r_chgpasswd_user(&r_u, status);
/* store the response in the SMB stream */
- samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
+ if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) {
+ DEBUG(0,("samr_reply_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER struct.\n" ));
+ return False;
+ }
DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_chgpasswd_user
********************************************************************/
-static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
+
+static BOOL api_samr_chgpasswd_user(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_CHGPASSWD_USER q_u;
/* unknown 38 command */
- samr_io_q_chgpasswd_user("", &q_u, data, 0);
+ if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
+ DEBUG(0,("api_samr_chgpasswd_user: samr_io_q_chgpasswd_user failed to parse RPC packet.\n"));
+ return False;
+ }
/* construct reply. */
- samr_reply_chgpasswd_user(&q_u, rdata);
+ if(!samr_reply_chgpasswd_user(&q_u, rdata)) {
+ DEBUG(0,("api_samr_chgpasswd_user: samr_reply_chgpasswd_user failed to create reply packet.\n"));
+ return False;
+ }
+
+ return True;
}
/*******************************************************************
samr_reply_unknown_38
********************************************************************/
-static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u, prs_struct *rdata)
{
SAMR_R_UNKNOWN_38 r_u;
DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
- make_samr_r_unknown_38(&r_u);
+ init_samr_r_unknown_38(&r_u);
/* store the response in the SMB stream */
- samr_io_r_unknown_38("", &r_u, rdata, 0);
+ if(!samr_io_r_unknown_38("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_unknown_38
********************************************************************/
-static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_unknown_38(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_UNKNOWN_38 q_u;
/* unknown 38 command */
- samr_io_q_unknown_38("", &q_u, data, 0);
+ if(!samr_io_q_unknown_38("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_unknown_38(&q_u, rdata);
+ if(!samr_reply_unknown_38(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_unknown_12
********************************************************************/
-static void samr_reply_unknown_12(SAMR_Q_UNKNOWN_12 *q_u,
+static BOOL samr_reply_unknown_12(SAMR_Q_UNKNOWN_12 *q_u,
prs_struct *rdata)
{
fstring group_names[MAX_SAM_ENTRIES];
}
}
- make_samr_r_unknown_12(&r_u, num_gids, group_names, group_attrs, status);
+ init_samr_r_unknown_12(&r_u, num_gids, group_names, group_attrs, status);
/* store the response in the SMB stream */
- samr_io_r_unknown_12("", &r_u, rdata, 0);
+ if(!samr_io_r_unknown_12("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_unknown_12: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_unknown_12
********************************************************************/
-static void api_samr_unknown_12( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_unknown_12(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_UNKNOWN_12 q_u;
/* grab the samr lookup names */
- samr_io_q_unknown_12("", &q_u, data, 0);
+ if(!samr_io_q_unknown_12("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_unknown_12(&q_u, rdata);
+ if(!samr_reply_unknown_12(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_open_user
********************************************************************/
-static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
- prs_struct *rdata,
- int status)
+static BOOL samr_reply_open_user(SAMR_Q_OPEN_USER *q_u, prs_struct *rdata, int status)
{
SAMR_R_OPEN_USER r_u;
struct sam_passwd *sam_pass;
BOOL pol_open = False;
/* set up the SAMR open_user response */
- bzero(r_u.user_pol.data, POL_HND_SIZE);
+ memset((char *)r_u.user_pol.data, '\0', POL_HND_SIZE);
r_u.status = 0x0;
DEBUG(5,("samr_open_user: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_open_user("", &r_u, rdata, 0);
+ if(!samr_io_r_open_user("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_open_user: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_open_user
********************************************************************/
-static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_open_user(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_OPEN_USER q_u;
/* grab the samr unknown 22 */
- samr_io_q_open_user("", &q_u, data, 0);
+ if(!samr_io_q_open_user("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_open_user(&q_u, rdata, 0x0);
+ if(!samr_reply_open_user(&q_u, rdata, 0x0))
+ return False;
+
+ return True;
}
{
struct smb_passwd *smb_pass;
- if (!pwdb_rid_is_user(user_rid))
+ if (!pdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
- make_sam_user_info10(id10, smb_pass->acct_ctrl);
+ init_sam_user_info10(id10, smb_pass->acct_ctrl);
return True;
}
LOGON_HRS hrs;
int i;
- if (!pwdb_rid_is_user(user_rid))
+ if (!pdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
dummy_time.low = 0xffffffff;
dummy_time.high = 0x7fffffff;
- DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
+ DEBUG(5,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
/* create a LOGON_HRS structure */
hrs.len = sam_pass->hours_len;
hrs.hours[i] = sam_pass->hours[i];
}
- make_sam_user_info21(id21,
+ init_sam_user_info21(id21,
&dummy_time, /* logon_time */
&dummy_time, /* logoff_time */
/*******************************************************************
samr_reply_query_userinfo
********************************************************************/
-static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
+static BOOL samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
prs_struct *rdata)
{
SAMR_R_QUERY_USERINFO r_u;
}
}
- make_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
+ init_samr_r_query_userinfo(&r_u, q_u->switch_value, info, status);
/* store the response in the SMB stream */
- samr_io_r_query_userinfo("", &r_u, rdata, 0);
+ if(!samr_io_r_query_userinfo("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_reply_query_userinfo: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_query_userinfo
********************************************************************/
-static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_query_userinfo(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_QUERY_USERINFO q_u;
/* grab the samr unknown 24 */
- samr_io_q_query_userinfo("", &q_u, data, 0);
+ if(!samr_io_q_query_userinfo("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_query_userinfo(&q_u, rdata);
+ if(!samr_reply_query_userinfo(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_query_usergroups
********************************************************************/
-static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
+static BOOL samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
prs_struct *rdata)
{
SAMR_R_QUERY_USERGROUPS r_u;
if (status == 0x0)
{
- DOMAIN_GRP *mem_grp = NULL;
-
- become_root(True);
- getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
- unbecome_root(True);
-
+ pstring groups;
+ get_domain_user_groups(groups, sam_pass->smb_name);
gids = NULL;
- num_groups = make_dom_gids(mem_grp, num_groups, &gids);
-
- if (mem_grp != NULL)
- {
- free(mem_grp);
- }
+ num_groups = make_dom_gids(groups, &gids);
}
/* construct the response. lkclXXXX: gids are not copied! */
- make_samr_r_query_usergroups(&r_u, num_groups, gids, status);
+ init_samr_r_query_usergroups(&r_u, num_groups, gids, status);
/* store the response in the SMB stream */
- samr_io_r_query_usergroups("", &r_u, rdata, 0);
+ if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) {
+ if (gids)
+ free((char *)gids);
+ return False;
+ }
if (gids)
- {
free((char *)gids);
- }
DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
-
+
+ return True;
}
/*******************************************************************
api_samr_query_usergroups
********************************************************************/
-static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_query_usergroups(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_QUERY_USERGROUPS q_u;
/* grab the samr unknown 32 */
- samr_io_q_query_usergroups("", &q_u, data, 0);
+ if(!samr_io_q_query_usergroups("", &q_u, data, 0))
+ return False;
/* construct reply. */
- samr_reply_query_usergroups(&q_u, rdata);
+ if(!samr_reply_query_usergroups(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_query_dom_info
********************************************************************/
-static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *rdata)
{
SAMR_R_QUERY_DOMAIN_INFO r_u;
SAM_UNK_CTR ctr;
case 0x02:
{
switch_value = 0x2;
- make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
+ init_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname);
break;
}
}
}
- make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
+ init_samr_r_query_dom_info(&r_u, switch_value, &ctr, status);
/* store the response in the SMB stream */
- samr_io_r_query_dom_info("", &r_u, rdata, 0);
+ if(!samr_io_r_query_dom_info("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_query_dom_info: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_query_dom_info
********************************************************************/
-static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_query_dom_info(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_QUERY_DOMAIN_INFO q_e;
/* grab the samr unknown 8 command */
- samr_io_q_query_dom_info("", &q_e, data, 0);
+ if(!samr_io_q_query_dom_info("", &q_e, data, 0))
+ return False;
/* construct reply. */
- samr_reply_query_dom_info(&q_e, rdata);
-}
-
+ if(!samr_reply_query_dom_info(&q_e, rdata))
+ return False;
+ return True;
+}
/*******************************************************************
samr_reply_unknown_32
********************************************************************/
-static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
+static BOOL samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
prs_struct *rdata,
int status)
{
SAMR_R_UNKNOWN_32 r_u;
/* set up the SAMR unknown_32 response */
- bzero(r_u.pol.data, POL_HND_SIZE);
+ memset((char *)r_u.pol.data, '\0', POL_HND_SIZE);
if (status == 0)
{
for (i = 4; i < POL_HND_SIZE; i++)
}
}
- make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
+ init_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
r_u.status = status;
DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_unknown_32("", &r_u, rdata, 0);
+ if(!samr_io_r_unknown_32("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_unknown_32
********************************************************************/
-static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_unknown_32(prs_struct *data, prs_struct *rdata)
{
uint32 status = 0;
struct sam_passwd *sam_pass;
reply if the account already exists...
*/
- fstrcpy(mach_acct, unistrn2(q_u.uni_mach_acct.buffer,
+ fstrcpy(mach_acct, dos_unistrn2(q_u.uni_mach_acct.buffer,
q_u.uni_mach_acct.uni_str_len));
become_root(True);
}
/* construct reply. */
- samr_reply_unknown_32(&q_u, rdata, status);
+ if(!samr_reply_unknown_32(&q_u, rdata, status))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_connect_anon
********************************************************************/
-static void samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_connect_anon(SAMR_Q_CONNECT_ANON *q_u, prs_struct *rdata)
{
SAMR_R_CONNECT_ANON r_u;
BOOL pol_open = False;
DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_connect_anon("", &r_u, rdata, 0);
+ if(!samr_io_r_connect_anon("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_connect_anon: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_connect_anon
********************************************************************/
-static void api_samr_connect_anon( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_connect_anon(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_CONNECT_ANON q_u;
/* grab the samr open policy */
- samr_io_q_connect_anon("", &q_u, data, 0);
+ if(!samr_io_q_connect_anon("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_connect_anon(&q_u, rdata);
+ if(!samr_reply_connect_anon(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_connect
********************************************************************/
-static void samr_reply_connect(SAMR_Q_CONNECT *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_connect(SAMR_Q_CONNECT *q_u, prs_struct *rdata)
{
SAMR_R_CONNECT r_u;
BOOL pol_open = False;
DEBUG(5,("samr_connect: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_connect("", &r_u, rdata, 0);
+ if(!samr_io_r_connect("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_connect: %d\n", __LINE__));
+ return True;
}
/*******************************************************************
api_samr_connect
********************************************************************/
-static void api_samr_connect( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_connect(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_CONNECT q_u;
/* grab the samr open policy */
- samr_io_q_connect("", &q_u, data, 0);
+ if(!samr_io_q_connect("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_connect(&q_u, rdata);
+ if(!samr_reply_connect(&q_u, rdata))
+ return False;
+
+ return True;
+}
+
+/**********************************************************************
+ api_reply_lookup_domain
+ **********************************************************************/
+static BOOL samr_reply_lookup_domain(SAMR_Q_LOOKUP_DOMAIN* q_u, prs_struct* rdata)
+{
+ SAMR_R_LOOKUP_DOMAIN r_u;
+
+ r_u.status = 0x0;
+ if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->connect_pol)) == -1))
+ {
+ r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ DEBUG(5,("samr_reply_lookup_domain: invalid handle\n"));
+ }
+
+ /* assume the domain name sent is our global_myname and
+ send global_sam_sid */
+ init_samr_r_lookup_domain(&r_u, &global_sam_sid, r_u.status);
+
+ if(!samr_io_r_lookup_domain("", &r_u, rdata, 0))
+ return False;
+
+ DEBUG(5,("samr_reply_lookup_domain: %d\n", __LINE__));
+
+ return True;
+}
+
+/**********************************************************************
+ api_samr_lookup_domain
+ **********************************************************************/
+static BOOL api_samr_lookup_domain(prs_struct* data, prs_struct* rdata)
+{
+ SAMR_Q_LOOKUP_DOMAIN q_u;
+
+ if(!samr_io_q_lookup_domain("", &q_u, data, 0))
+ return False;
+
+ if(!samr_reply_lookup_domain(&q_u, rdata))
+ return False;
+
+ return True;
+}
+
+/**********************************************************************
+ samr_reply_enum_domains
+ **********************************************************************/
+static BOOL samr_reply_enum_domains(SAMR_Q_ENUM_DOMAINS* q_u, prs_struct* rdata)
+{
+ SAMR_R_ENUM_DOMAINS r_u;
+ fstring dom[2];
+
+ fstrcpy(dom[0],global_myname);
+ fstrcpy(dom[1],"Builtin");
+ r_u.status = 0;
+
+ init_samr_r_enum_domains(&r_u, q_u->start_idx, dom, 2);
+ if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) {
+ free(r_u.sam);
+ free(r_u.uni_dom_name);
+ return False;
+ }
+
+ free(r_u.sam);
+ free(r_u.uni_dom_name);
+
+ return True;
+}
+
+/**********************************************************************
+ api_samr_enum_domains
+ **********************************************************************/
+static BOOL api_samr_enum_domains(prs_struct* data, prs_struct* rdata)
+{
+ SAMR_Q_ENUM_DOMAINS q_u;
+
+ if(!samr_io_q_enum_domains("", &q_u, data, 0))
+ return False;
+
+ if(!samr_reply_enum_domains(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
samr_reply_open_alias
********************************************************************/
-static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
- prs_struct *rdata)
+static BOOL samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u, prs_struct *rdata)
{
SAMR_R_OPEN_ALIAS r_u;
BOOL pol_open = False;
DEBUG(5,("samr_open_alias: %d\n", __LINE__));
/* store the response in the SMB stream */
- samr_io_r_open_alias("", &r_u, rdata, 0);
+ if(!samr_io_r_open_alias("", &r_u, rdata, 0))
+ return False;
DEBUG(5,("samr_open_alias: %d\n", __LINE__));
-
+
+ return True;
}
/*******************************************************************
api_samr_open_alias
********************************************************************/
-static void api_samr_open_alias( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static BOOL api_samr_open_alias(prs_struct *data, prs_struct *rdata)
{
SAMR_Q_OPEN_ALIAS q_u;
/* grab the samr open policy */
- samr_io_q_open_alias("", &q_u, data, 0);
+ if(!samr_io_q_open_alias("", &q_u, data, 0))
+ return False;
/* construct reply. always indicate success */
- samr_reply_open_alias(&q_u, rdata);
+ if(!samr_reply_open_alias(&q_u, rdata))
+ return False;
+
+ return True;
}
/*******************************************************************
{ "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
{ "SAMR_UNKNOWN_3" , SAMR_UNKNOWN_3 , api_samr_unknown_3 },
{ "SAMR_UNKNOWN_2C" , SAMR_UNKNOWN_2C , api_samr_unknown_2c },
+ { "SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
+ { "SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains },
{ NULL , 0 , NULL }
};
{
return api_rpcTNP(p, "api_samr_rpc", api_samr_cmds, data);
}
-
+#undef OLD_NTDOMAIN
git.samba.org / ira / wip.git / blobdiff