*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
#define DISP_INFO_CACHE_TIMEOUT 10
typedef struct disp_info {
- struct disp_info *next, *prev;
- TALLOC_CTX *mem_ctx;
DOM_SID sid; /* identify which domain this is. */
- BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
+ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
struct pdb_search *users; /* querydispinfo 1 and 4 */
struct pdb_search *machines; /* querydispinfo 2 */
struct pdb_search *groups; /* querydispinfo 3 and 5, enumgroups */
uint16 enum_acb_mask;
struct pdb_search *enum_users; /* enumusers with a mask */
-
- smb_event_id_t di_cache_timeout_event; /* cache idle timeout handler. */
+ struct timed_event *cache_timeout_event; /* cache idle timeout
+ * handler. */
} DISP_INFO;
/* We keep a static list of these by SID as modern clients close down
all resources between each request in a complete enumeration. */
-static DISP_INFO *disp_info_list;
-
struct samr_info {
/* for use by the \PIPE\samr policy */
DOM_SID sid;
- BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
+ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
DISP_INFO *disp_info;
TALLOC_CTX *mem_ctx;
};
-static struct generic_mapping sam_generic_mapping = {
+static const struct generic_mapping sam_generic_mapping = {
GENERIC_RIGHTS_SAM_READ,
GENERIC_RIGHTS_SAM_WRITE,
GENERIC_RIGHTS_SAM_EXECUTE,
GENERIC_RIGHTS_SAM_ALL_ACCESS};
-static struct generic_mapping dom_generic_mapping = {
+static const struct generic_mapping dom_generic_mapping = {
GENERIC_RIGHTS_DOMAIN_READ,
GENERIC_RIGHTS_DOMAIN_WRITE,
GENERIC_RIGHTS_DOMAIN_EXECUTE,
GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-static struct generic_mapping usr_generic_mapping = {
+static const struct generic_mapping usr_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
GENERIC_RIGHTS_USER_EXECUTE,
GENERIC_RIGHTS_USER_ALL_ACCESS};
-static struct generic_mapping usr_nopwchange_generic_mapping = {
+static const struct generic_mapping usr_nopwchange_generic_mapping = {
GENERIC_RIGHTS_USER_READ,
GENERIC_RIGHTS_USER_WRITE,
GENERIC_RIGHTS_USER_EXECUTE & ~SA_RIGHT_USER_CHANGE_PASSWORD,
GENERIC_RIGHTS_USER_ALL_ACCESS};
-static struct generic_mapping grp_generic_mapping = {
+static const struct generic_mapping grp_generic_mapping = {
GENERIC_RIGHTS_GROUP_READ,
GENERIC_RIGHTS_GROUP_WRITE,
GENERIC_RIGHTS_GROUP_EXECUTE,
GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-static struct generic_mapping ali_generic_mapping = {
+static const struct generic_mapping ali_generic_mapping = {
GENERIC_RIGHTS_ALIAS_READ,
GENERIC_RIGHTS_ALIAS_WRITE,
GENERIC_RIGHTS_ALIAS_EXECUTE,
*******************************************************************/
static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size,
- struct generic_mapping *map,
+ const struct generic_mapping *map,
DOM_SID *sid, uint32 sid_access )
{
DOM_SID domadmin_sid;
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
+ psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
Fetch or create a dispinfo struct.
********************************************************************/
-static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid, const char *sid_str)
+static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
{
- TALLOC_CTX *mem_ctx;
- DISP_INFO *dpi;
+ /*
+ * We do a static cache for DISP_INFO's here. Explanation can be found
+ * in Jeremy's checkin message to r11793:
+ *
+ * Fix the SAMR cache so it works across completely insane
+ * client behaviour (ie.:
+ * open pipe/open SAMR handle/enumerate 0 - 1024
+ * close SAMR handle, close pipe.
+ * open pipe/open SAMR handle/enumerate 1024 - 2048...
+ * close SAMR handle, close pipe.
+ * And on ad-nausium. Amazing.... probably object-oriented
+ * client side programming in action yet again.
+ * This change should *massively* improve performance when
+ * enumerating users from an LDAP database.
+ * Jeremy.
+ *
+ * "Our" and the builtin domain are the only ones where we ever
+ * enumerate stuff, so just cache 2 entries.
+ */
+
+ static struct disp_info builtin_dispinfo;
+ static struct disp_info domain_dispinfo;
/* There are two cases to consider here:
1) The SID is a domain SID and we look for an equality match, or
2) This is an account SID and so we return the DISP_INFO* for our
domain */
- if ( psid && sid_check_is_in_our_domain( psid ) ) {
- DEBUG(10,("get_samr_dispinfo_by_sid: Replacing %s with our domain SID\n",
- sid_str));
- psid = get_global_sam_sid();
- }
-
- for (dpi = disp_info_list; dpi; dpi = dpi->next) {
- if (sid_equal(psid, &dpi->sid)) {
- return dpi;
- }
- }
-
- /* This struct is never free'd - I'm using talloc so we
- can get a list out of smbd using smbcontrol. There will
- be one of these per SID we're authorative for. JRA. */
-
- mem_ctx = talloc_init("DISP_INFO for domain sid %s", sid_str);
-
- if ((dpi = TALLOC_ZERO_P(mem_ctx, DISP_INFO)) == NULL)
+ if (psid == NULL) {
return NULL;
+ }
- dpi->mem_ctx = mem_ctx;
+ if (sid_check_is_builtin(psid) || sid_check_is_in_builtin(psid)) {
+ /*
+ * Necessary only once, but it does not really hurt.
+ */
+ sid_copy(&builtin_dispinfo.sid, &global_sid_Builtin);
- if (psid) {
- sid_copy( &dpi->sid, psid);
- dpi->builtin_domain = sid_check_is_builtin(psid);
- } else {
- dpi->builtin_domain = False;
+ return &builtin_dispinfo;
}
+
+ if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
+ /*
+ * Necessary only once, but it does not really hurt.
+ */
+ sid_copy(&domain_dispinfo.sid, get_global_sam_sid());
- DLIST_ADD(disp_info_list, dpi);
+ return &domain_dispinfo;
+ }
- return dpi;
+ return NULL;
}
/*******************************************************************
TALLOC_CTX *mem_ctx;
if (psid) {
- sid_to_string(sid_str, psid);
+ sid_to_fstring(sid_str, psid);
} else {
fstrcpy(sid_str,"(NULL)");
}
}
info->mem_ctx = mem_ctx;
- info->disp_info = get_samr_dispinfo_by_sid(psid, sid_str);
-
- if (!info->disp_info) {
- talloc_destroy(mem_ctx);
- return NULL;
- }
+ info->disp_info = get_samr_dispinfo_by_sid(psid);
return info;
}
Function to free the per SID data.
********************************************************************/
-static void free_samr_cache(DISP_INFO *disp_info, const char *sid_str)
+static void free_samr_cache(DISP_INFO *disp_info)
{
- DEBUG(10,("free_samr_cache: deleting cache for SID %s\n", sid_str));
+ DEBUG(10, ("free_samr_cache: deleting cache for SID %s\n",
+ sid_string_dbg(&disp_info->sid)));
/* We need to become root here because the paged search might have to
* tell the LDAP server we're not interested in the rest anymore. */
/* Only free the dispinfo cache if no one bothered to set up
a timeout. */
- if (info->disp_info && info->disp_info->di_cache_timeout_event == (smb_event_id_t)0) {
- fstring sid_str;
- sid_to_string(sid_str, &info->disp_info->sid);
- free_samr_cache(info->disp_info, sid_str);
+ if (info->disp_info && info->disp_info->cache_timeout_event == NULL) {
+ free_samr_cache(info->disp_info);
}
talloc_destroy(info->mem_ctx);
Idle event handler. Throw away the disp info cache.
********************************************************************/
-static void disp_info_cache_idle_timeout_handler(void **private_data,
- time_t *ev_interval,
- time_t ev_now)
+static void disp_info_cache_idle_timeout_handler(struct event_context *ev_ctx,
+ struct timed_event *te,
+ const struct timeval *now,
+ void *private_data)
{
- fstring sid_str;
- DISP_INFO *disp_info = (DISP_INFO *)(*private_data);
-
- sid_to_string(sid_str, &disp_info->sid);
+ DISP_INFO *disp_info = (DISP_INFO *)private_data;
- free_samr_cache(disp_info, sid_str);
+ TALLOC_FREE(disp_info->cache_timeout_event);
- /* Remove the event. */
- smb_unregister_idle_event(disp_info->di_cache_timeout_event);
- disp_info->di_cache_timeout_event = (smb_event_id_t)0;
-
- DEBUG(10,("disp_info_cache_idle_timeout_handler: caching timed out for SID %s at %u\n",
- sid_str, (unsigned int)ev_now));
+ DEBUG(10, ("disp_info_cache_idle_timeout_handler: caching timed "
+ "out\n"));
+ free_samr_cache(disp_info);
}
/*******************************************************************
static void set_disp_info_cache_timeout(DISP_INFO *disp_info, time_t secs_fromnow)
{
- fstring sid_str;
-
- sid_to_string(sid_str, &disp_info->sid);
-
/* Remove any pending timeout and update. */
- if (disp_info->di_cache_timeout_event) {
- smb_unregister_idle_event(disp_info->di_cache_timeout_event);
- disp_info->di_cache_timeout_event = (smb_event_id_t)0;
- }
+ TALLOC_FREE(disp_info->cache_timeout_event);
- DEBUG(10,("set_disp_info_cache_timeout: caching enumeration for SID %s for %u seconds\n",
- sid_str, (unsigned int)secs_fromnow ));
+ DEBUG(10,("set_disp_info_cache_timeout: caching enumeration for "
+ "SID %s for %u seconds\n", sid_string_dbg(&disp_info->sid),
+ (unsigned int)secs_fromnow ));
- disp_info->di_cache_timeout_event =
- smb_register_idle_event(disp_info_cache_idle_timeout_handler,
- disp_info,
- secs_fromnow);
+ disp_info->cache_timeout_event = event_add_timed(
+ smbd_event_context(), NULL,
+ timeval_current_ofs(secs_fromnow, 0),
+ "disp_info_cache_idle_timeout_handler",
+ disp_info_cache_idle_timeout_handler, (void *)disp_info);
}
/*******************************************************************
static void force_flush_samr_cache(DISP_INFO *disp_info)
{
- if (disp_info) {
- fstring sid_str;
-
- sid_to_string(sid_str, &disp_info->sid);
- if (disp_info->di_cache_timeout_event) {
- smb_unregister_idle_event(disp_info->di_cache_timeout_event);
- disp_info->di_cache_timeout_event = (smb_event_id_t)0;
- DEBUG(10,("force_flush_samr_cache: clearing idle event for SID %s\n",
- sid_str));
- }
- free_samr_cache(disp_info, sid_str);
+ if ((disp_info == NULL) || (disp_info->cache_timeout_event == NULL)) {
+ return;
}
+
+ DEBUG(10,("force_flush_samr_cache: clearing idle event\n"));
+ TALLOC_FREE(disp_info->cache_timeout_event);
+ free_samr_cache(disp_info);
}
/*******************************************************************
}
/*******************************************************************
- _samr_close_hnd
+ _samr_Close
********************************************************************/
-NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND *r_u)
+NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r)
{
- r_u->status = NT_STATUS_OK;
-
- /* close the policy handle */
- if (!close_policy_hnd(p, &q_u->pol))
- return NT_STATUS_OBJECT_NAME_INVALID;
+ if (!close_policy_hnd(p, r->in.handle)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
- DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
+ ZERO_STRUCTP(r->out.handle);
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
- samr_reply_open_domain
+ _samr_OpenDomain
********************************************************************/
-NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u)
+NTSTATUS _samr_OpenDomain(pipes_struct *p,
+ struct samr_OpenDomain *r)
{
struct samr_info *info;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->flags;
+ uint32 des_access = r->in.access_mask;
NTSTATUS status;
size_t sd_size;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the connection policy handle. */
- if ( !find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info) )
+ if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function( info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_open_domain" );
+ SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_OpenDomain" );
if ( !NT_STATUS_IS_OK(status) )
return status;
status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
&se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
- &acc_granted, "_samr_open_domain" );
+ &acc_granted, "_samr_OpenDomain" );
if ( !NT_STATUS_IS_OK(status) )
return status;
- if (!sid_check_is_domain(&q_u->dom_sid.sid) &&
- !sid_check_is_builtin(&q_u->dom_sid.sid)) {
+ if (!sid_check_is_domain(r->in.sid) &&
+ !sid_check_is_builtin(r->in.sid)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* associate the domain SID with the (unique) handle. */
- if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL)
+ if ((info = get_samr_info_by_sid(r->in.sid))==NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.domain_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- DEBUG(5,("samr_open_domain: %d\n", __LINE__));
+ DEBUG(5,("_samr_OpenDomain: %d\n", __LINE__));
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
/*******************************************************************
********************************************************************/
-static BOOL get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
+static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
DOM_SID *sid, uint32 *acc_granted,
DISP_INFO **ppdisp_info)
{
DOM_SID pol_sid;
uint32 acc_granted, i;
SEC_ACL *dacl;
- BOOL ret;
+ bool ret;
struct samu *sampass=NULL;
NTSTATUS status;
unbecome_root();
if (!ret) {
- DEBUG(4, ("User %s not found\n", sid_string_static(&pol_sid)));
+ DEBUG(4, ("User %s not found\n", sid_string_dbg(&pol_sid)));
TALLOC_FREE(sampass);
return NT_STATUS_INVALID_HANDLE;
}
return NT_STATUS_ACCESS_DENIED;
}
- status = pdb_update_sam_account(sampass);
+ status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+ if (NT_STATUS_IS_OK(status)) {
+ become_root();
+ status = pdb_update_sam_account(sampass);
+ unbecome_root();
+ }
TALLOC_FREE(sampass);
/*******************************************************************
build correct perms based on policies and password times for _samr_query_sec_obj
*******************************************************************/
-static BOOL check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
+static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
if ( !(sampass = samu_new( mem_ctx )) ) {
DEBUG(0,("No memory!\n"));
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
TALLOC_FREE(sampass);
return False;
}
NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u)
{
DOM_SID pol_sid;
- fstring str_sid;
SEC_DESC * psd = NULL;
uint32 acc_granted;
size_t sd_size;
if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n",
+ sid_string_dbg(&pol_sid)));
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,get_global_sam_sid())) {
/* check if it is our domain SID */
- DEBUG(5,("_samr_query_sec_obj: querying security on Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(5,("_samr_query_sec_obj: querying security on Domain "
+ "with SID: %s\n", sid_string_dbg(&pol_sid)));
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
/* check if it is the Builtin Domain */
/* TODO: Builtin probably needs a different SD with restricted write access*/
- DEBUG(5,("_samr_query_sec_obj: querying security on Builtin Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(5,("_samr_query_sec_obj: querying security on Builtin "
+ "Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_check_is_in_our_domain(&pol_sid) ||
sid_check_is_in_builtin(&pol_sid)) {
/* TODO: different SDs have to be generated for aliases groups and users.
Currently all three get a default user SD */
- DEBUG(10,("_samr_query_sec_obj: querying security on Object with SID: %s\n", sid_to_string(str_sid, &pol_sid)));
+ DEBUG(10,("_samr_query_sec_obj: querying security on Object "
+ "with SID: %s\n", sid_string_dbg(&pol_sid)));
if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries);
if (sam == NULL || uni_name == NULL) {
- DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n"));
+ DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n"));
return NT_STATUS_NO_MEMORY;
}
if (num_account == 0) {
DEBUG(5, ("_samr_enum_dom_users: enumeration handle over "
"total entries\n"));
+ init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
return NT_STATUS_OK;
}
return r_u->status;
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
- sid_string_static(&info->sid)));
+ sid_string_dbg(&info->sid)));
become_root();
DOM_SID sid;
struct acct_info info;
uint32 acc_granted;
- BOOL ret;
+ NTSTATUS status;
r_u->status = NT_STATUS_OK;
}
become_root();
- ret = pdb_get_aliasinfo(&sid, &info);
+ status = pdb_get_aliasinfo(&sid, &info);
unbecome_root();
- if ( !ret )
- return NT_STATUS_NO_SUCH_ALIAS;
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
return NT_STATUS_NO_MEMORY;
int i;
int num_rids = q_u->num_names2;
DOM_SID pol_sid;
- fstring sid_str;
uint32 acc_granted;
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
}
- DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid)));
+ DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
+ sid_string_dbg(&pol_sid)));
for (i = 0; i < num_rids; i++) {
fstring name;
}
/*******************************************************************
- _samr_chgpasswd_user
+ _samr_ChangePasswordUser2
********************************************************************/
+NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
+ struct samr_ChangePasswordUser2 *r)
-NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u)
{
+ NTSTATUS status;
fstring user_name;
fstring wks;
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
-
- r_u->status = NT_STATUS_OK;
+ DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
- rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
- rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+ fstrcpy(user_name, r->in.account->string);
+ fstrcpy(wks, r->in.server->string);
- DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+ DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks));
/*
* Pass the user through the NT -> unix user mapping
* is case insensitive.
*/
- r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
- q_u->nt_newpass.pass, q_u->nt_oldhash.hash, NULL);
+ status = pass_oem_change(user_name, r->in.lm_password->data, r->in.lm_verifier->hash,
+ r->in.nt_password->data, r->in.nt_verifier->hash, NULL);
- init_samr_r_chgpasswd_user(r_u, r_u->status);
+ DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
-
- return r_u->status;
+ return status;
}
/*******************************************************************
makes a SAMR_R_LOOKUP_RIDS structure.
********************************************************************/
-static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
+static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
const char **names, UNIHDR **pp_hdr_name,
UNISTR2 **pp_uni_name)
{
UNIHDR *hdr_name = NULL;
UNISTR2 *uni_name = NULL;
DOM_SID pol_sid;
- int num_rids = q_u->num_rids1;
+ int num_rids = (int)q_u->num_rids1;
uint32 acc_granted;
int i;
return NT_STATUS_UNSUCCESSFUL;
}
- names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids);
- attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids);
- wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids);
+ if (num_rids) {
+ names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids);
+ attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids);
+ wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids);
- if ((num_rids != 0) && ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL)))
- return NT_STATUS_NO_MEMORY;
+ if ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL))
+ return NT_STATUS_NO_MEMORY;
+ } else {
+ names = NULL;
+ attrs = NULL;
+ wire_attrs = NULL;
+ }
become_root(); /* lookup_sid can require root privs */
r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid,
}
/*******************************************************************
- _samr_open_user. Safe - gives out no passwd info.
- ********************************************************************/
+ _samr_OpenUser
+********************************************************************/
-NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u)
+NTSTATUS _samr_OpenUser(pipes_struct *p,
+ struct samr_OpenUser *r)
{
struct samu *sampass=NULL;
DOM_SID sid;
- POLICY_HND domain_pol = q_u->domain_pol;
- POLICY_HND *user_pol = &r_u->user_pol;
+ POLICY_HND domain_pol = *r->in.domain_handle;
+ POLICY_HND *user_pol = r->out.user_handle;
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
- BOOL ret;
+ bool ret;
NTSTATUS nt_status;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the domain policy handle and get domain SID / access bits in the domain policy. */
if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
return NT_STATUS_INVALID_HANDLE;
nt_status = access_check_samr_function( acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user" );
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenUser" );
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
/* append the user's RID to it */
- if (!sid_append_rid(&sid, q_u->user_rid))
+ if (!sid_append_rid(&sid, r->in.rid))
return NT_STATUS_NO_SUCH_USER;
/* check if access can be granted as requested by client. */
nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
- &acc_granted, "_samr_open_user");
+ &acc_granted, "_samr_OpenUser");
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*************************************************************************
static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if ( !ret ) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret==False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret==False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
- BOOL ret;
+ bool ret;
if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
return NT_STATUS_ACCESS_DENIED;
ret = pdb_getsampwsid(smbpass, user_sid);
if (ret == False) {
- DEBUG(4, ("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid)));
TALLOC_FREE(smbpass);
return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
}
static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
if ( !(sampass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
DOM_SID *user_sid, DOM_SID *domain_sid)
{
struct samu *sampass=NULL;
- BOOL ret;
+ bool ret;
NTSTATUS nt_status;
if ( !(sampass = samu_new( mem_ctx )) ) {
unbecome_root();
if (ret == False) {
- DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
+ DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));
+ DEBUG(5,("_samr_query_userinfo: sid:%s\n",
+ sid_string_dbg(&info->sid)));
ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
if (!ctr)
gid_t *unix_gids;
size_t i, num_gids;
uint32 acc_granted;
- BOOL ret;
+ bool ret;
NTSTATUS result;
- BOOL success = False;
+ bool success = False;
/*
* from the SID in the request:
if (!ret) {
DEBUG(10, ("pdb_getsampwsid failed for %s\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return NT_STATUS_NO_SUCH_USER;
}
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10, ("pdb_enum_group_memberships failed for %s\n",
- sid_string_static(&sid)));
+ sid_string_dbg(&sid)));
return result;
}
if ( !success ) {
DEBUG(5, ("Group sid %s for user %s not in our domain\n",
- sid_string_static(pdb_get_group_sid(sam_pass)),
+ sid_string_dbg(pdb_get_group_sid(sam_pass)),
pdb_get_username(sam_pass)));
TALLOC_FREE(sam_pass);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
if (!sid_peek_check_rid(get_global_sam_sid(),
&(sids[i]), &dom_gid.g_rid)) {
DEBUG(10, ("Found sid %s not in our domain\n",
- sid_string_static(&sids[i])));
+ sid_string_dbg(&sids[i])));
continue;
}
static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
{
enum lsa_SidType type;
- BOOL result;
+ bool result;
DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
become_root();
- /* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
+ /* Lookup in our local databases (LOOKUP_NAME_REMOTE not set)
* whether the name already exists */
- result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_ISOLATED,
+ result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, &type);
unbecome_root();
}
/*******************************************************************
- _samr_create_user
- Create an account, can be either a normal user or a machine.
- This funcion will need to be updated for bdc/domain trusts.
+ _samr_CreateUser2
********************************************************************/
-NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
- SAMR_R_CREATE_USER *r_u)
+NTSTATUS _samr_CreateUser2(pipes_struct *p,
+ struct samr_CreateUser2 *r)
{
- char *account;
+ const char *account = NULL;
DOM_SID sid;
- POLICY_HND dom_pol = q_u->domain_pol;
- uint16 acb_info = q_u->acb_info;
- POLICY_HND *user_pol = &r_u->user_pol;
+ POLICY_HND dom_pol = *r->in.domain_handle;
+ uint32_t acb_info = r->in.acct_flags;
+ POLICY_HND *user_pol = r->out.user_handle;
struct samr_info *info = NULL;
NTSTATUS nt_status;
uint32 acc_granted;
size_t sd_size;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
- BOOL can_add_account = False;
+ bool can_add_account = False;
SE_PRIV se_rights;
DISP_INFO *disp_info = NULL;
nt_status = access_check_samr_function(acc_granted,
SA_RIGHT_DOMAIN_CREATE_USER,
- "_samr_create_user");
+ "_samr_CreateUser2");
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
return NT_STATUS_INVALID_PARAMETER;
}
- account = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_name);
+ account = r->in.account_name->string;
if (account == NULL) {
return NT_STATUS_NO_MEMORY;
}
}
}
- DEBUG(5, ("_samr_create_user: %s can add this account : %s\n",
+ DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
uidtoname(p->pipe_user.ut.uid),
can_add_account ? "True":"False" ));
become_root();
nt_status = pdb_create_user(p->mem_ctx, account, acb_info,
- &r_u->user_rid);
+ r->out.rid);
if ( can_add_account )
unbecome_root();
/* Get the user's SID */
- sid_compose(&sid, get_global_sam_sid(), r_u->user_rid);
+ sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&sid, SAMR_USR_RIGHTS_WRITE_PW);
nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
- &acc_granted, "_samr_create_user");
+ &acc_granted, "_samr_CreateUser2");
if ( !NT_STATUS_IS_OK(nt_status) ) {
return nt_status;
/* After a "set" ensure we have no cached display info. */
force_flush_samr_cache(info->disp_info);
- r_u->access_granted = acc_granted;
+ *r->out.access_granted = acc_granted;
return NT_STATUS_OK;
}
}
}
- DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name, sid_string_static(&sid)));
+ DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name,
+ sid_string_dbg(&sid)));
init_samr_r_lookup_domain(r_u, &sid, r_u->status);
makes a SAMR_R_ENUM_DOMAINS structure.
********************************************************************/
-static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
+static bool make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
{
uint32 i;
}
/*******************************************************************
- api_samr_open_alias
+ _samr_OpenAlias
********************************************************************/
-NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_ALIAS *r_u)
+NTSTATUS _samr_OpenAlias(pipes_struct *p,
+ struct samr_OpenAlias *r)
{
DOM_SID sid;
- POLICY_HND domain_pol = q_u->dom_pol;
- uint32 alias_rid = q_u->rid_alias;
- POLICY_HND *alias_pol = &r_u->pol;
+ POLICY_HND domain_pol = *r->in.domain_handle;
+ uint32 alias_rid = r->in.rid;
+ POLICY_HND *alias_pol = r->out.alias_handle;
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
NTSTATUS status;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the domain policy and get the SID / access bits stored in the domain policy */
if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias");
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenAlias");
if ( !NT_STATUS_IS_OK(status) )
return status;
status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
&se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access,
- &acc_granted, "_samr_open_alias");
+ &acc_granted, "_samr_OpenAlias");
if ( !NT_STATUS_IS_OK(status) )
return status;
{
/* Check we actually have the requested alias */
enum lsa_SidType type;
- BOOL result;
+ bool result;
gid_t gid;
become_root();
if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
set_user_info_16
********************************************************************/
-static BOOL set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
+static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
{
if (id16 == NULL) {
DEBUG(5, ("set_user_info_16: NULL id16\n"));
set_user_info_18
********************************************************************/
-static BOOL set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
+static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
{
if (id18 == NULL) {
set_user_info_20
********************************************************************/
-static BOOL set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
+static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
{
if (id20 == NULL) {
DEBUG(5, ("set_user_info_20: NULL id20\n"));
static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
struct samu *pwd)
{
- pstring plaintext_buf;
- uint32 len;
+ char *plaintext_buf = NULL;
+ uint32 len = 0;
uint16 acct_ctrl;
NTSTATUS status;
-
+
if (id23 == NULL) {
DEBUG(5, ("set_user_info_23: NULL id23\n"));
return NT_STATUS_INVALID_PARAMETER;
}
-
+
DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
- if (!decode_pw_buffer(id23->pass, plaintext_buf, 256, &len, STR_UNICODE)) {
+ if (!decode_pw_buffer(mem_ctx,
+ id23->pass,
+ &plaintext_buf,
+ &len,
+ STR_UNICODE)) {
TALLOC_FREE(pwd);
return NT_STATUS_INVALID_PARAMETER;
}
-
+
if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) {
TALLOC_FREE(pwd);
return NT_STATUS_ACCESS_DENIED;
}
-
+
copy_id23_to_sam_passwd(pwd, id23);
-
+
/* if it's a trust account, don't update /etc/passwd */
if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
return NT_STATUS_ACCESS_DENIED;
}
- if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) {
+ passwd = Get_Pwnam_alloc(pwd, pdb_get_username(pwd));
+ if (passwd == NULL) {
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
-
+
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
TALLOC_FREE(pwd);
return NT_STATUS_ACCESS_DENIED;
}
+ TALLOC_FREE(passwd);
}
}
-
- ZERO_STRUCT(plaintext_buf);
-
+
+ memset(plaintext_buf, '\0', strlen(plaintext_buf));
+
if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) &&
(!NT_STATUS_IS_OK(status = pdb_set_unix_primary_group(mem_ctx,
pwd)))) {
TALLOC_FREE(pwd);
return status;
}
-
+
TALLOC_FREE(pwd);
return NT_STATUS_OK;
set_user_info_pw
********************************************************************/
-static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
{
- uint32 len;
- pstring plaintext_buf;
+ uint32 len = 0;
+ char *plaintext_buf = NULL;
uint32 acct_ctrl;
-
+ time_t last_set_time;
+ enum pdb_value_state last_set_state;
+
DEBUG(5, ("Attempting administrator password change for user %s\n",
pdb_get_username(pwd)));
acct_ctrl = pdb_get_acct_ctrl(pwd);
-
- ZERO_STRUCT(plaintext_buf);
-
- if (!decode_pw_buffer(pass, plaintext_buf, 256, &len, STR_UNICODE)) {
+ /* we need to know if it's expired, because this is an admin change, not a
+ user change, so it's still expired when we're done */
+ last_set_state = pdb_get_init_flags(pwd, PDB_PASSLASTSET);
+ last_set_time = pdb_get_pass_last_set_time(pwd);
+
+ if (!decode_pw_buffer(talloc_tos(),
+ pass,
+ &plaintext_buf,
+ &len,
+ STR_UNICODE)) {
TALLOC_FREE(pwd);
return False;
}
TALLOC_FREE(pwd);
return False;
}
-
+
/* if it's a trust account, don't update /etc/passwd */
if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) ||
( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) ||
return False;
}
- if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) {
+ passwd = Get_Pwnam_alloc(pwd, pdb_get_username(pwd));
+ if (passwd == NULL) {
DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
}
-
+
if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
TALLOC_FREE(pwd);
return False;
}
+ TALLOC_FREE(passwd);
}
}
-
- ZERO_STRUCT(plaintext_buf);
-
+
+ memset(plaintext_buf, '\0', strlen(plaintext_buf));
+
+ /* restore last set time as this is an admin change, not a user pw change */
+ pdb_set_pass_last_set_time (pwd, last_set_time, last_set_state);
+
DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n"));
-
+
/* update the SAMBA password */
if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
TALLOC_FREE(pwd);
SAM_USERINFO_CTR *ctr = q_u->ctr;
uint32 acc_granted;
uint32 acc_required;
- BOOL ret;
- BOOL has_enough_rights = False;
+ bool ret;
+ bool has_enough_rights = False;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value));
+ DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n",
+ sid_string_dbg(&sid), switch_value));
if (ctr == NULL) {
DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
}
SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key);
- dump_data(100, (char *)ctr->info.id24->pass, 516);
+ dump_data(100, ctr->info.id24->pass, 516);
if (!set_user_info_pw(ctr->info.id24->pass, pwd))
r_u->status = NT_STATUS_ACCESS_DENIED;
}
encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key);
- dump_data(100, (char *)ctr->info.id25->pass, 532);
+ dump_data(100, ctr->info.id25->pass, 532);
r_u->status = set_user_info_25(p->mem_ctx,
ctr->info.id25, pwd);
}
encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
- dump_data(100, (char *)ctr->info.id26->pass, 516);
+ dump_data(100, ctr->info.id26->pass, 516);
if (!set_user_info_pw(ctr->info.id26->pass, pwd))
r_u->status = NT_STATUS_ACCESS_DENIED;
}
SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
- dump_data(100, (char *)ctr->info.id23->pass, 516);
+ dump_data(100, ctr->info.id23->pass, 516);
r_u->status = set_user_info_23(p->mem_ctx,
ctr->info.id23, pwd);
uint16 switch_value = q_u->switch_value;
uint32 acc_granted;
uint32 acc_required;
- BOOL ret;
- BOOL has_enough_rights = False;
+ bool ret;
+ bool has_enough_rights = False;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid)));
+ DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n",
+ sid_string_dbg(&sid)));
if (ctr == NULL) {
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
}
SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
- dump_data(100, (char *)ctr->info.id23->pass, 516);
+ dump_data(100, ctr->info.id23->pass, 516);
r_u->status = set_user_info_23(p->mem_ctx,
ctr->info.id23, pwd);
}
encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
- dump_data(100, (char *)ctr->info.id26->pass, 516);
+ dump_data(100, ctr->info.id26->pass, 516);
if (!set_user_info_pw(ctr->info.id26->pass, pwd))
r_u->status = NT_STATUS_ACCESS_DENIED;
!sid_check_is_builtin(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1);
+ if (q_u->num_sids1) {
+ members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1);
- if (members == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (members == NULL)
+ return NT_STATUS_NO_MEMORY;
+ } else {
+ members = NULL;
+ }
for (i=0; i<q_u->num_sids1; i++)
sid_copy(&members[i], &q_u->sid[i].sid);
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
become_root();
status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids);
return status;
}
- sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids);
- if (num_sids!=0 && sid == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
+ if (num_sids) {
+ sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids);
+ if (sid == NULL) {
+ SAFE_FREE(sids);
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ sid = NULL;
}
for (i = 0; i < num_sids; i++) {
init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK);
- SAFE_FREE(sids);
+ TALLOC_FREE(sids);
return NT_STATUS_OK;
}
NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
{
DOM_SID group_sid;
- fstring group_sid_str;
size_t i, num_members;
uint32 *rid=NULL;
return r_u->status;
}
- sid_to_string(group_sid_str, &group_sid);
- DEBUG(10, ("sid is %s\n", group_sid_str));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_check_is_in_our_domain(&group_sid)) {
- DEBUG(3, ("sid %s is not in our domain\n", group_sid_str));
+ DEBUG(3, ("sid %s is not in our domain\n",
+ sid_string_dbg(&group_sid)));
return NT_STATUS_NO_SUCH_GROUP;
}
if (!NT_STATUS_IS_OK(result))
return result;
- attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members);
-
- if ((num_members!=0) && (attr==NULL))
- return NT_STATUS_NO_MEMORY;
+ if (num_members) {
+ attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members);
+ if (attr == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ attr = NULL;
+ }
for (i=0; i<num_members; i++)
attr[i] = SID_NAME_USER;
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
NTSTATUS ret;
DISP_INFO *disp_info = NULL;
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
NTSTATUS ret;
DISP_INFO *disp_info = NULL;
}
DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
- sid_string_static(&alias_sid)));
+ sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&group_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
&group_rid)) {
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/*
}
/*********************************************************************
- _samr_delete_dom_user
+ _samr_DeleteUser
*********************************************************************/
-NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAMR_R_DELETE_DOM_USER *r_u )
+NTSTATUS _samr_DeleteUser(pipes_struct *p,
+ struct samr_DeleteUser *r)
{
+ NTSTATUS status;
DOM_SID user_sid;
struct samu *sam_pass=NULL;
uint32 acc_granted;
- BOOL can_add_accounts;
+ bool can_add_accounts;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
- BOOL ret;
+ bool ret;
- DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
+ DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
- return r_u->status;
+ status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteUser");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if (!sid_check_is_in_our_domain(&user_sid))
unbecome_root();
if( !ret ) {
- DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n",
- sid_string_static(&user_sid)));
+ DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
+ sid_string_dbg(&user_sid)));
TALLOC_FREE(sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
if ( can_add_accounts )
become_root();
- r_u->status = pdb_delete_user(p->mem_ctx, sam_pass);
+ status = pdb_delete_user(p->mem_ctx, sam_pass);
if ( can_add_accounts )
unbecome_root();
/******** END SeAddUsers BLOCK *********/
- if ( !NT_STATUS_IS_OK(r_u->status) ) {
- DEBUG(5,("_samr_delete_dom_user: Failed to delete entry for "
+ if ( !NT_STATUS_IS_OK(status) ) {
+ DEBUG(5,("_samr_DeleteUser: Failed to delete entry for "
"user %s: %s.\n", pdb_get_username(sam_pass),
- nt_errstr(r_u->status)));
+ nt_errstr(status)));
TALLOC_FREE(sam_pass);
- return r_u->status;
+ return status;
}
TALLOC_FREE(sam_pass);
- if (!close_policy_hnd(p, &q_u->user_pol))
+ if (!close_policy_hnd(p, r->in.user_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
}
/*********************************************************************
- _samr_delete_dom_group
+ _samr_DeleteDomainGroup
*********************************************************************/
-NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u)
+NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
+ struct samr_DeleteDomainGroup *r)
{
+ NTSTATUS status;
DOM_SID group_sid;
uint32 group_rid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
- DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
+ DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomainGroup");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&group_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
&group_rid)) {
if ( can_add_accounts )
become_root();
- r_u->status = pdb_delete_dom_group(p->mem_ctx, group_rid);
+ status = pdb_delete_dom_group(p->mem_ctx, group_rid);
if ( can_add_accounts )
unbecome_root();
/******** END SeAddUsers BLOCK *********/
- if ( !NT_STATUS_IS_OK(r_u->status) ) {
- DEBUG(5,("_samr_delete_dom_group: Failed to delete mapping "
+ if ( !NT_STATUS_IS_OK(status) ) {
+ DEBUG(5,("_samr_DeleteDomainGroup: Failed to delete mapping "
"entry for group %s: %s\n",
- sid_string_static(&group_sid),
- nt_errstr(r_u->status)));
- return r_u->status;
+ sid_string_dbg(&group_sid),
+ nt_errstr(status)));
+ return status;
}
- if (!close_policy_hnd(p, &q_u->group_pol))
+ if (!close_policy_hnd(p, r->in.group_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
}
/*********************************************************************
- _samr_delete_dom_alias
+ _samr_DeleteDomAlias
*********************************************************************/
-NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
+NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
+ struct samr_DeleteDomAlias *r)
{
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
- BOOL ret;
+ bool can_add_accounts;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
- DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
+ DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
/* copy the handle to the outgoing reply */
- memcpy( &r_u->pol, &q_u->alias_pol, sizeof(r_u->pol) );
+ memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle));
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
- return r_u->status;
+ status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomAlias");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
/* Don't let Windows delete builtin groups */
become_root();
/* Have passdb delete the alias */
- ret = pdb_delete_alias(&alias_sid);
+ status = pdb_delete_alias(&alias_sid);
if ( can_add_accounts )
unbecome_root();
/******** END SeAddUsers BLOCK *********/
- if ( !ret )
- return NT_STATUS_ACCESS_DENIED;
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
- if (!close_policy_hnd(p, &q_u->alias_pol))
+ if (!close_policy_hnd(p, r->in.alias_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
}
/*********************************************************************
- _samr_create_dom_group
+ _samr_CreateDomainGroup
*********************************************************************/
-NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u)
+NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
+ struct samr_CreateDomainGroup *r)
+
{
+ NTSTATUS status;
DOM_SID dom_sid;
DOM_SID info_sid;
const char *name;
struct samr_info *info;
uint32 acc_granted;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
- return r_u->status;
+ status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_CreateDomainGroup");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- name = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_acct_desc);
+ name = r->in.name->string;
if (name == NULL) {
return NT_STATUS_NO_MEMORY;
}
- r_u->status = can_create(p->mem_ctx, name);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
+ status = can_create(p->mem_ctx, name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
se_priv_copy( &se_rights, &se_add_users );
/* check that we successfully create the UNIX group */
- r_u->status = pdb_create_dom_group(p->mem_ctx, name, &r_u->rid);
+ status = pdb_create_dom_group(p->mem_ctx, name, r->out.rid);
if ( can_add_accounts )
unbecome_root();
/* check if we should bail out here */
- if ( !NT_STATUS_IS_OK(r_u->status) )
- return r_u->status;
+ if ( !NT_STATUS_IS_OK(status) )
+ return status;
- sid_compose(&info_sid, get_global_sam_sid(), r_u->rid);
+ sid_compose(&info_sid, get_global_sam_sid(), *r->out.rid);
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = GENERIC_RIGHTS_GROUP_ALL_ACCESS;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
force_flush_samr_cache(disp_info);
}
/*********************************************************************
- _samr_create_dom_alias
+ _samr_CreateDomAlias
*********************************************************************/
-NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u)
+NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
+ struct samr_CreateDomAlias *r)
{
DOM_SID dom_sid;
DOM_SID info_sid;
- fstring name;
+ const char *name = NULL;
struct samr_info *info;
uint32 acc_granted;
gid_t gid;
NTSTATUS result;
SE_PRIV se_rights;
- BOOL can_add_accounts;
+ bool can_add_accounts;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
- return r_u->status;
+ result = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_CreateDomAlias");
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
}
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
+ name = r->in.alias_name->string;
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
become_root();
/* Have passdb create the alias */
- result = pdb_create_alias(name, &r_u->rid);
+ result = pdb_create_alias(name, r->out.rid);
if ( can_add_accounts )
unbecome_root();
}
sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, r_u->rid);
+ sid_append_rid(&info_sid, *r->out.rid);
if (!sid_to_gid(&info_sid, &gid)) {
DEBUG(10, ("Could not find alias just created\n"));
info->acc_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.alias_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
force_flush_samr_cache(disp_info);
GROUP_MAP map;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
- BOOL ret;
+ bool ret;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
NTSTATUS ret;
- BOOL result;
- BOOL can_mod_accounts;
+ bool result;
+ bool can_mod_accounts;
DISP_INFO *disp_info = NULL;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
switch (ctr->switch_value1) {
case 1:
- unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment));
break;
case 4:
- unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
+ unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment));
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
struct acct_info info;
ALIAS_INFO_CTR *ctr;
uint32 acc_granted;
- BOOL ret;
- BOOL can_mod_accounts;
+ bool can_mod_accounts;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted, &disp_info))
/* get the current group information */
become_root();
- ret = pdb_get_aliasinfo( &group_sid, &info );
+ status = pdb_get_aliasinfo( &group_sid, &info );
unbecome_root();
- if ( !ret ) {
- return NT_STATUS_NO_SUCH_ALIAS;
- }
+ if ( !NT_STATUS_IS_OK(status))
+ return status;
switch (ctr->level) {
case 2:
{
fstring group_name, acct_name;
- NTSTATUS status;
/* We currently do not support renaming groups in the
the BUILTIN domain. Refer to util_builtin.c to understand
return NT_STATUS_INVALID_PARAMETER;
unistr2_to_ascii( acct_name, ctr->alias.info2.name.string,
- sizeof(acct_name)-1 );
+ sizeof(acct_name));
/* If the name is the same just reply "ok". Yes this
doesn't allow you to change the case of a group name. */
if ( ctr->alias.info3.description.string ) {
unistr2_to_ascii( info.acct_desc,
ctr->alias.info3.description.string,
- sizeof(info.acct_desc)-1 );
+ sizeof(info.acct_desc));
}
else
fstrcpy( info.acct_desc, "" );
if ( can_mod_accounts )
become_root();
- ret = pdb_set_aliasinfo( &group_sid, &info );
+ status = pdb_set_aliasinfo( &group_sid, &info );
if ( can_mod_accounts )
unbecome_root();
/******** End SeAddUsers BLOCK *********/
- if (ret) {
+ if (NT_STATUS_IS_OK(status))
force_flush_samr_cache(disp_info);
- }
- return ret ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
+ return status;
}
-/*********************************************************************
- _samr_get_dom_pwinfo
-*********************************************************************/
+/****************************************************************
+ _samr_GetDomPwInfo
+****************************************************************/
-NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u)
+NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
+ struct samr_GetDomPwInfo *r)
{
/* Perform access check. Since this rpc does not require a
policy handle it will not be caught by the access checks on
SAMR_CONNECT or SAMR_CONNECT_ANON. */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_get_dom_pwinfo\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to _samr_GetDomPwInfo\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
/* Actually, returning zeros here works quite well :-). */
+ ZERO_STRUCTP(r->out.info);
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_open_group
+ _samr_OpenGroup
*********************************************************************/
-NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u)
+NTSTATUS _samr_OpenGroup(pipes_struct *p,
+ struct samr_OpenGroup *r)
+
{
DOM_SID sid;
DOM_SID info_sid;
struct samr_info *info;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
NTSTATUS status;
fstring sid_string;
- BOOL ret;
+ bool ret;
SE_PRIV se_rights;
- if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group");
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenGroup");
if ( !NT_STATUS_IS_OK(status) )
return status;
status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
&se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access,
- &acc_granted, "_samr_open_group");
+ &acc_granted, "_samr_OpenGroup");
if ( !NT_STATUS_IS_OK(status) )
return status;
return NT_STATUS_ACCESS_DENIED;
sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, q_u->rid_group);
- sid_to_string(sid_string, &info_sid);
+ sid_append_rid(&info_sid, r->in.rid);
+ sid_to_fstring(sid_string, &info_sid);
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
- DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
+ DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n", sid_string));
/* check if that group really exists */
become_root();
return NT_STATUS_NO_SUCH_GROUP;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
DISP_INFO *disp_info = NULL;
sid_copy( &delete_sid, &q_u->sid.sid );
-
+
DEBUG(5,("_samr_remove_sid_foreign_domain: removing SID [%s]\n",
- sid_string_static(&delete_sid)));
-
+ sid_string_dbg(&delete_sid)));
+
/* Find the policy handle. Open a policy on it. */
-
+
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &domain_sid,
&acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
if (!NT_STATUS_IS_OK(result))
return result;
- DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
- sid_string_static(&domain_sid)));
+ DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
+ sid_string_dbg(&domain_sid)));
/* we can only delete a user from a group since we don't have
nested groups anyways. So in the latter case, just say OK */
if (!sid_check_is_builtin(&domain_sid)) {
DEBUG(1,("_samr_remove_sid_foreign_domain: domain_sid = %s, "
"global_sam_sid() = %s\n",
- sid_string_static(&domain_sid),
- sid_string_static(get_global_sam_sid())));
+ sid_string_dbg(&domain_sid),
+ sid_string_dbg(get_global_sam_sid())));
DEBUGADD(1,("please report to samba-technical@samba.org!\n"));
return NT_STATUS_OK;
}
return r_u->status;
}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect(pipes_struct *p,
+ struct samr_Connect *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetSecurity(pipes_struct *p,
+ struct samr_SetSecurity *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QuerySecurity(pipes_struct *p,
+ struct samr_QuerySecurity *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Shutdown(pipes_struct *p,
+ struct samr_Shutdown *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_LookupDomain(pipes_struct *p,
+ struct samr_LookupDomain *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_EnumDomains(pipes_struct *p,
+ struct samr_EnumDomains *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
+ struct samr_QueryDomainInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
+ struct samr_SetDomainInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
+ struct samr_EnumDomainGroups *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_CreateUser(pipes_struct *p,
+ struct samr_CreateUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
+ struct samr_EnumDomainUsers *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
+ struct samr_EnumDomainAliases *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetAliasMembership(pipes_struct *p,
+ struct samr_GetAliasMembership *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_LookupNames(pipes_struct *p,
+ struct samr_LookupNames *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_LookupRids(pipes_struct *p,
+ struct samr_LookupRids *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
+ struct samr_QueryGroupInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
+ struct samr_SetGroupInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_AddGroupMember(pipes_struct *p,
+ struct samr_AddGroupMember *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
+ struct samr_DeleteGroupMember *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
+ struct samr_QueryGroupMember *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
+ struct samr_SetMemberAttributesOfGroup *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
+ struct samr_QueryAliasInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
+ struct samr_SetAliasInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_AddAliasMember(pipes_struct *p,
+ struct samr_AddAliasMember *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
+ struct samr_DeleteAliasMember *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
+ struct samr_GetMembersInAlias *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
+ struct samr_QueryUserInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetUserInfo(pipes_struct *p,
+ struct samr_SetUserInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
+ struct samr_ChangePasswordUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
+ struct samr_GetGroupsForUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
+ struct samr_QueryDisplayInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
+ struct samr_GetDisplayEnumerationIndex *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p,
+ struct samr_TestPrivateFunctionsDomain *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p,
+ struct samr_TestPrivateFunctionsUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
+ struct samr_GetUserPwInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p,
+ struct samr_RemoveMemberFromForeignDomain *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p,
+ struct samr_QueryDomainInfo2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
+ struct samr_QueryUserInfo2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
+ struct samr_QueryDisplayInfo2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p,
+ struct samr_GetDisplayEnumerationIndex2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
+ struct samr_QueryDisplayInfo3 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p,
+ struct samr_AddMultipleMembersToAlias *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p,
+ struct samr_RemoveMultipleMembersFromAlias *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p,
+ struct samr_OemChangePasswordUser2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect2(pipes_struct *p,
+ struct samr_Connect2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetUserInfo2(pipes_struct *p,
+ struct samr_SetUserInfo2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p,
+ struct samr_SetBootKeyInformation *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p,
+ struct samr_GetBootKeyInformation *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect3(pipes_struct *p,
+ struct samr_Connect3 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect4(pipes_struct *p,
+ struct samr_Connect4 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
+ struct samr_ChangePasswordUser3 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect5(pipes_struct *p,
+ struct samr_Connect5 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RidToSid(pipes_struct *p,
+ struct samr_RidToSid *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetDsrmPassword(pipes_struct *p,
+ struct samr_SetDsrmPassword *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ValidatePassword(pipes_struct *p,
+ struct samr_ValidatePassword *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
git.samba.org / ira / wip.git / blobdiff