char *lp_nis_home_map_name(void);
char *lp_announce_version(void);
char *lp_netbios_aliases(void);
-char *lp_domainsid(void);
+char *lp_domain_sid(void);
+char *lp_domain_other_sids(void);
char *lp_domain_groups(void);
char *lp_domain_admin_users(void);
char *lp_domain_guest_users(void);
void initrpcreply(char *inbuf, char *q);
void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen);
-uint32 name_to_rid(char *user_name);
+BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
char *dom_sid_to_string(DOM_SID *sid);
void make_dom_sid(DOM_SID *sid, char *domsid);
+int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids);
+int make_dom_gids(char *gids_str, DOM_GID *gids);
void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len);
int make_rpc_reply(char *inbuf, char *q, int data_len);
void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate);
void set_remote_arch(enum remote_arch_types type);
enum remote_arch_types get_remote_arch();
char *skip_unicode_string(char *buf,int n);
+char *unistrn2(uint16 *buf, int len);
char *unistr2(uint16 *buf);
char *unistr(char *buf);
int unistrncpy(char *dst, char *src, int len);
char *align_offset(char *q, char *base, int align_offset_len);
void dump_data(int level,char *buf1,int len);
char *tab_depth(int depth);
-int make_domain_gids(char *gids_str, DOM_GID *gids);
} NTTIME;
-#define MAXSUBAUTHS 10 /* max sub authorities in a SID */
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
/* DOM_SID - security id */
typedef struct sid_info
{
- uint8 sid_no; /* SID revision number */
+ uint8 sid_rev_num; /* SID revision number */
uint8 num_auths; /* number of sub-authorities */
uint8 id_auth[6]; /* Identifier Authority */
- uint16 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
+ uint16 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
} DOM_SID;
/* DOM_GID - group id + user attributes */
typedef struct gid_info
{
- uint32 gid; /* group id */
+ uint32 g_rid; /* a group RID */
uint32 attr;
} DOM_GID;
return(buf);
}
+/*******************************************************************
+Return a ascii version of a unicode string
+Hack alert: uses fixed buffer(s) and only handles ascii strings
+********************************************************************/
+#define MAXUNI 1024
+char *unistrn2(uint16 *buf, int len)
+{
+ static char lbufs[8][MAXUNI];
+ static int nexti;
+ char *lbuf = lbufs[nexti];
+ char *p;
+ nexti = (nexti+1)%8;
+ for (p = lbuf; *buf && p-lbuf < MAXUNI-2 && len >= 0; len--, p++, buf++)
+ {
+ *p = *buf;
+ }
+ *p = 0;
+ return lbuf;
+}
+
/*******************************************************************
Return a ascii version of a unicode string
Hack alert: uses fixed buffer(s) and only handles ascii strings
}
-/* array lookup of well-known RID aliases. the purpose of these escapes me.. */
-static struct
-{
- uint32 rid;
- char *rid_name;
-
-} rid_lookups[] =
-{
- { DOMAIN_ALIAS_RID_ADMINS , "admins" },
- { DOMAIN_ALIAS_RID_USERS , "users" },
- { DOMAIN_ALIAS_RID_GUESTS , "guests" },
- { DOMAIN_ALIAS_RID_POWER_USERS , "power_users" },
-
- { DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" },
- { DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" },
- { DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" },
- { DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" },
- { DOMAIN_ALIAS_RID_REPLICATOR , "replicator" },
- { 0 , NULL }
-};
-
-int make_domain_gids(char *gids_str, DOM_GID *gids)
-{
- char *ptr;
- pstring s2;
- int count;
-
- DEBUG(4,("make_domain_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0) return 0;
-
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr(s2,'/');
- if (attr) *attr++ = 0;
- if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; rid_lookups[i].rid_name != NULL; i++)
- {
- if (strequal(rid_lookups[i].rid_name, s2))
- {
- rid = rid_lookups[i].rid;
- break;
- }
- }
-
- if (rid == 0) rid = atoi(s2);
-
- gids[count].gid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n", gids[count].gid, gids[count].attr));
- }
-
- return count;
-}
-
char *szAnnounceVersion; /* This is initialised in init_globals */
char *szNetbiosAliases;
char *szDomainSID;
+ char *szDomainOtherSIDs;
char *szDomainGroups;
int max_log_size;
int mangled_stack;
{"valid chars", P_STRING, P_GLOBAL, &Globals.szValidChars, handle_valid_chars},
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL},
{"domain sid", P_USTRING, P_GLOBAL, &Globals.szDomainSID, NULL},
+ {"domain other sids", P_USTRING, P_GLOBAL, &Globals.szDomainOtherSIDs, NULL},
{"domain groups", P_USTRING, P_GLOBAL, &Globals.szDomainGroups, NULL},
{"domain controller",P_STRING, P_GLOBAL, &Globals.szDomainController,NULL},
{"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL},
/* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
string_set(&Globals.szLogonHome, "\\\\%N\\%U");
string_set(&Globals.szLogonPath, "\\\\%N\\%U\\profile");
- string_set(&Globals.szDomainGroups, "776/7");
+
Globals.bLoadPrinters = True;
Globals.bUseRhosts = False;
Globals.max_packet = 65535;
FN_GLOBAL_STRING(lp_announce_version,&Globals.szAnnounceVersion)
FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases)
-FN_GLOBAL_STRING(lp_domainsid,&Globals.szDomainSID)
+FN_GLOBAL_STRING(lp_domain_sid,&Globals.szDomainSID)
+FN_GLOBAL_STRING(lp_domain_other_sids,&Globals.szDomainOtherSIDs)
FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups)
FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers)
FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers)
/* only cope with one "other" sid, right now. */
/* need to count the number of space-delimited sids */
int i;
- int num_other_sids = other_sids != NULL ? 1 : 0;
+ int num_other_sids = 0;
int len_user_name = strlen(user_name );
int len_full_name = strlen(full_name );
bzero(usr->padding, sizeof(usr->padding));
+ num_other_sids = make_dom_sids(other_sids, usr->other_sids, LSA_MAX_SIDS);
+
usr->num_other_sids = num_other_sids;
usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0;
make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom);
make_dom_sid(&(usr->dom_sid), dom_sid);
- make_dom_sid(&(usr->other_sids[0]), other_sids);
+ /* "other" sids are set up above */
}
/* grab the challenge... */
lsa_io_q_req_chal(True, &q_r, data + 0x18, data, 4, 0);
- fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer));
+ fstrcpy(mach_acct, unistrn2(q_r.uni_logon_clnt.buffer,
+ q_r.uni_logon_clnt.uni_str_len));
strcat(mach_acct, "$");
/* checks and updates credentials. creates reply credentials */
deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_creds);
+ usr_info.ptr_user_info = 0;
+
if (vuser != NULL)
{
DOM_GID gids[LSA_MAX_GROUPS];
pstring my_workgroup;
pstring domain_groups;
pstring dom_sid;
+ pstring other_sids;
extern pstring myname;
+ uint32 r_uid;
+ uint32 r_gid;
dummy_time.low = 0xffffffff;
dummy_time.high = 0x7fffffff;
pstrcpy(samlogon_user, unistr2(q_l.sam_id.auth.id1.uni_user_name.buffer));
- DEBUG(3,("SAM Logon. Domain:[%s]. User [%s]\n",
+ DEBUG(3,("SAM Logon. Domain:[%s]. User:[%s]\n",
lp_workgroup(), samlogon_user));
/* hack to get standard_sub_basic() to use the sam logon username */
sam_logon_in_ssb = True;
- pstrcpy(logon_script, lp_logon_script());
- pstrcpy(profile_path, lp_logon_path ());
- pstrcpy(dom_sid , lp_domainsid ());
- pstrcpy(my_workgroup, lp_workgroup ());
+ pstrcpy(logon_script, lp_logon_script ());
+ pstrcpy(profile_path, lp_logon_path ());
+ pstrcpy(dom_sid , lp_domain_sid ());
+ pstrcpy(other_sids , lp_domain_other_sids());
+ pstrcpy(my_workgroup, lp_workgroup ());
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
+ pstrcpy(home_drive , lp_logon_drive ());
+ pstrcpy(home_dir , lp_logon_home ());
/* any additional groups this user is in. e.g power users */
pstrcpy(domain_groups, lp_domain_groups());
strcat(domain_groups, " 513/7 ");
}
- num_gids = make_domain_gids(domain_groups, gids);
+ num_gids = make_dom_gids(domain_groups, gids);
sam_logon_in_ssb = False;
pstrcpy(my_name , myname );
strupper(my_name);
- make_lsa_user_info(&usr_info,
+ if (name_to_rid(samlogon_user, &r_uid, &r_gid))
+ {
+ make_lsa_user_info(&usr_info,
&dummy_time, /* logon_time */
&dummy_time, /* logoff_time */
0, /* logon_count */
0, /* bad_pw_count */
- vuser->uid, /* uint32 user_id */
- vuser->gid, /* uint32 group_id */
+ r_uid, /* RID user_id */
+ r_gid, /* RID group_id */
num_gids, /* uint32 num_groups */
gids, /* DOM_GID *gids */
0x20, /* uint32 user_flgs */
NULL, /* char sess_key[16] */
- my_name, /* char *logon_srv */
+ my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
- dom_sid, /* char *dom_sid */
- NULL); /* char *other_sids */
- }
- else
- {
- usr_info.ptr_user_info = 0;
+ dom_sid, /* char *dom_sid */
+ other_sids); /* char *other_sids */
+ }
}
*rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,
lsa_io_q_query(True, &q_i, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domainsid());
+ pstrcpy(dom_sid , lp_domain_sid());
/* construct reply. return status is always 0x0 */
*rdata_len = lsa_reply_query_info(&q_i, *rdata + 0x18, *rdata,
lsa_io_q_lookup_sids(True, &q_l, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domainsid());
+ pstrcpy(dom_sid , lp_domain_sid());
/* convert received SIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
pstring dom_name;
pstring dom_sid;
uint32 dom_rids[MAX_LOOKUP_SIDS];
+ uint32 dummy_g_rid;
/* grab the info class and policy handle */
lsa_io_q_lookup_rids(True, &q_l, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domainsid());
+ pstrcpy(dom_sid , lp_domain_sid());
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
{
char *user_name = unistr2(q_l.lookup_name[i].str.buffer);
- dom_rids[i] = name_to_rid(user_name);
+ if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
+ {
+ /* WHOOPS! we should really do something about this... */
+ dom_rids[i] = 0;
+ }
}
/* construct reply. return status is always 0x0 */
/* grab the net share enum */
srv_io_q_net_share_enum(True, &q_n, data + 0x18, data, 4, 0);
+ /* XXXX push the reply buffer size up a bit, and hope it's sufficient */
+ /* for the current maximum limit of 32 share entries */
+ *rdata_len = 4096;
+ *rdata = REALLOC(*rdata, *rdata_len);
+
/* construct reply. always indicate success */
*rdata_len = srv_reply_net_share_enum(&q_n, *rdata + 0x18, *rdata, 0x0);
}
case NETSHAREENUM:
{
api_srv_net_share_info( param, data, rdata, rdata_len);
+
make_rpc_reply(data, *rdata, *rdata_len);
break;
}
{ int fd; fd = open("/tmp/rpc", O_RDWR); write(fd, q, datalen + 4); }
}
-/* RID username mapping function. just for fun, it maps to the unix uid */
-uint32 name_to_rid(char *user_name)
+/* Group and User RID username mapping function */
+BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
struct passwd *pw = Get_Pwnam(user_name, False);
+
+ if (u_rid == NULL || g_rid == NULL || user_name == NULL)
+ {
+ return False;
+ }
+
if (!pw)
{
DEBUG(1,("Username %s is invalid on this system\n", user_name));
- return (uint32)(-1);
+ return False;
}
- return (uint32)(pw->pw_uid);
+ if (user_in_list(user_name, lp_domain_guest_users()))
+ {
+ *u_rid = DOMAIN_USER_RID_GUEST;
+ }
+ else if (user_in_list(user_name, lp_domain_admin_users()))
+ {
+ *u_rid = DOMAIN_USER_RID_ADMIN;
+ }
+ else
+ {
+ /* turn the unix UID into a Domain RID. this is what the posix
+ sub-system does (adds 1000 to the uid) */
+ *u_rid = (uint32)(pw->pw_uid + 1000);
+ }
+
+ /* absolutely no idea what to do about the unix GID to Domain RID mapping */
+ *g_rid = (uint32)(pw->pw_gid + 1000);
+
+ return True;
}
(sid->id_auth[2] << 16) +
(sid->id_auth[3] << 24);
- sprintf(sidstr, "S-%d-%d", sid->sid_no, ia);
+ sprintf(sidstr, "S-%d-%d", sid->sid_rev_num, ia);
for (i = 0; i < sid->num_auths; i++)
{
if (domsid == NULL)
{
DEBUG(4,("netlogon domain SID: none\n"));
- sid->sid_no = 0;
+ sid->sid_rev_num = 0;
sid->num_auths = 0;
return;
}
/* assume, but should check, that domsid starts "S-" */
p = strtok(domsid+2,"-");
- sid->sid_no = atoi(p);
+ sid->sid_rev_num = atoi(p);
/* identauth in decimal should be < 2^32 */
/* identauth in hex should be >= 2^32 */
identauth = atoi(strtok(0,"-"));
- DEBUG(4,("netlogon rev %d\n", sid->sid_no));
+ DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
DEBUG(4,("netlogon %s ia %d\n", p, identauth));
sid->id_auth[0] = 0;
}
}
+int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids)
+{
+ char *ptr;
+ pstring s2;
+ int count;
+
+ DEBUG(4,("make_dom_sids: %s\n", sids_str));
+
+ if (sids_str == NULL || *sids_str == 0) return 0;
+
+ for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++)
+ {
+ make_dom_sid(&sids[count], s2);
+ }
+
+ return count;
+}
+
+/* array lookup of well-known RID aliases. the purpose of these escapes me.. */
+/* XXXX this structure should not have the well-known RID groups added to it,
+ i.e the DOMAIN_GROUP_RID_ADMIN/USER/GUEST. */
+static struct
+{
+ uint32 rid;
+ char *rid_name;
+
+} rid_lookups[] =
+{
+ { DOMAIN_ALIAS_RID_ADMINS , "admins" },
+ { DOMAIN_ALIAS_RID_USERS , "users" },
+ { DOMAIN_ALIAS_RID_GUESTS , "guests" },
+ { DOMAIN_ALIAS_RID_POWER_USERS , "power_users" },
+
+ { DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" },
+ { DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" },
+ { DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" },
+ { DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" },
+ { DOMAIN_ALIAS_RID_REPLICATOR , "replicator" },
+ { 0 , NULL }
+};
+
+int make_dom_gids(char *gids_str, DOM_GID *gids)
+{
+ char *ptr;
+ pstring s2;
+ int count;
+
+ DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+ if (gids_str == NULL || *gids_str == 0) return 0;
+
+ for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
+ {
+ /* the entries are of the form GID/ATTR, ATTR being optional.*/
+ char *attr;
+ uint32 rid = 0;
+ int i;
+
+ attr = strchr(s2,'/');
+ if (attr) *attr++ = 0;
+ if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
+
+ /* look up the RID string and see if we can turn it into a rid number */
+ for (i = 0; rid_lookups[i].rid_name != NULL; i++)
+ {
+ if (strequal(rid_lookups[i].rid_name, s2))
+ {
+ rid = rid_lookups[i].rid;
+ break;
+ }
+ }
+
+ if (rid == 0) rid = atoi(s2);
+
+ if (rid == 0)
+ {
+ DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
+ s2, attr));
+ count--;
+ }
+ else
+ {
+ gids[count].g_rid = rid;
+ gids[count].attr = atoi(attr);
+
+ DEBUG(5,("group id: %d attr: %d\n",
+ gids[count].g_rid,
+ gids[count].attr));
+ }
+ }
+
+ return count;
+}
+
void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len)
{
if (hdr == NULL) return;
q = align_offset(q, base, align);
- DBG_RW_IVAL("num_auths ", depth, base, io, q, sid->num_auths); q += 4;
- DBG_RW_CVAL("sid_no ", depth, base, io, q, sid->sid_no); q++;
- DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
+ DBG_RW_IVAL("num_auths ", depth, base, io, q, sid->num_auths); q += 4;
+ DBG_RW_CVAL("sid_rev_num", depth, base, io, q, sid->sid_rev_num); q++;
+ DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
for (i = 0; i < 6; i++)
{
q = align_offset(q, base, align);
- DBG_RW_IVAL("gid ", depth, base, io, q, gid->gid ); q += 4;
- DBG_RW_IVAL("attr", depth, base, io, q, gid->attr); q += 4;
+ DBG_RW_IVAL("g_rid", depth, base, io, q, gid->g_rid); q += 4;
+ DBG_RW_IVAL("attr ", depth, base, io, q, gid->attr ); q += 4;
return q;
}
git.samba.org / ira / wip.git / commitdiff