#include "includes.h"
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
-}
-
-
-
-/*******************************************************************
- Creates a SEC_DESC structure
-********************************************************************/
-
-static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
- DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
-{
- SEC_DESC *dst;
- uint32 offset = 0;
- uint32 offset_sid = SEC_DESC_HEADER_SIZE;
- uint32 offset_acl = 0;
-
- *sd_size = 0;
-
- if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
-
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
-
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
-
- if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
- goto error_exit;
-
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
- goto error_exit;
-
- if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
- goto error_exit;
-
- if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
- goto error_exit;
-
- offset = 0;
-
- /*
- * Work out the linearization sizes.
- */
- if (dst->owner_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->owner_sid);
- }
-
- if (dst->grp_sid != NULL) {
-
- if (offset == 0)
- offset = SEC_DESC_HEADER_SIZE;
-
- offset += sid_size(dst->grp_sid);
- }
-
- if (dst->sacl != NULL) {
-
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_sacl = offset_acl;
- offset_acl += dst->sacl->size;
- offset += dst->sacl->size;
- offset_sid += dst->sacl->size;
- }
-
- if (dst->dacl != NULL) {
-
- if (offset_acl == 0)
- offset_acl = SEC_DESC_HEADER_SIZE;
-
- dst->off_dacl = offset_acl;
- offset_acl += dst->dacl->size;
- offset += dst->dacl->size;
- offset_sid += dst->dacl->size;
- }
-
- *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
-
- if (dst->owner_sid != NULL)
- dst->off_owner_sid = offset_sid;
-
- /* sid_size() returns 0 if the sid is NULL so this is ok */
-
- if (dst->grp_sid != NULL)
- dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
-
- return dst;
-
-error_exit:
-
- *sd_size = 0;
- return NULL;
-}
-
-/*******************************************************************
- Duplicate a SEC_DESC structure.
-********************************************************************/
-
-static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision,
- src->owner_sid, src->grp_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-
-
-
-
-
-
-extern GUMS_FUNCTIONS *gums_storage;
-
/* Functions to get/set info from a GUMS object */
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
{
TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
switch(type) {
case GUMS_OBJ_DOMAIN:
+ go->data.domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN));
break;
/*
go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
break;
+ case GUMS_OBJ_PRIVILEGE:
+ go->data.priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
+ break;
+
default:
/* TODO: throw error */
ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
goto error;
}
+ switch(type) {
+ case GUMS_OBJ_NORMAL_USER:
+ gums_set_user_acct_ctrl(go, ACB_NORMAL);
+ gums_set_user_hours(go, 0, NULL);
+ }
+
*obj = go;
return NT_STATUS_OK;
-
+
error:
talloc_destroy(go->mem_ctx);
*obj = NULL;
return ret;
}
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
+NTSTATUS gums_destroy_object(GUMS_OBJECT **obj)
{
- if (!version || !obj)
+ if (!obj || !(*obj))
return NT_STATUS_INVALID_PARAMETER;
- *version = obj->version;
+ if ((*obj)->mem_ctx)
+ talloc_destroy((*obj)->mem_ctx);
+ *obj = NULL;
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 version)
+void gums_reset_object(GUMS_OBJECT *go)
+{
+ go->seq_num = 0;
+ go->sid = NULL;
+ go->name = NULL;
+ go->description = NULL;
+
+ switch(go->type) {
+ case GUMS_OBJ_DOMAIN:
+ memset(go->data.domain, 0, sizeof(GUMS_DOMAIN));
+ break;
+
+/*
+ case GUMS_OBJ_WORKSTATION_TRUST:
+ case GUMS_OBJ_SERVER_TRUST:
+ case GUMS_OBJ_DOMAIN_TRUST:
+*/
+ case GUMS_OBJ_NORMAL_USER:
+ memset(go->data.user, 0, sizeof(GUMS_USER));
+ gums_set_user_acct_ctrl(go, ACB_NORMAL);
+ break;
+
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ memset(go->data.group, 0, sizeof(GUMS_GROUP));
+ break;
+
+ case GUMS_OBJ_PRIVILEGE:
+ memset(go->data.priv, 0, sizeof(GUMS_PRIVILEGE));
+ break;
+
+ default:
+ return;
+ }
+}
+
+uint32 gums_get_object_type(const GUMS_OBJECT *obj)
{
if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+ return 0;
- obj->version = version;
- return NT_STATUS_OK;
+ return obj->type;
}
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
+uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj)
{
- if (!sec_desc || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj)
+ return 0;
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
+ return obj->seq_num;
}
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
+uint32 gums_get_object_version(const GUMS_OBJECT *obj)
{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj)
+ return 0;
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
+ return obj->version;
}
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
+const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj)
{
- if (!sid || !obj)
+ if (!obj)
+ return NULL;
+
+ return obj->sec_desc;
+}
+
+const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->sid;
+}
+
+const char *gums_get_object_name(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->name;
+}
+
+const char *gums_get_object_description(const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NULL;
+
+ return obj->description;
+}
+
+NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num)
+{
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
- *sid = obj->sid;
+ obj->seq_num = seq_num;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
+NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version)
{
- if (!obj || !sid)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
+ obj->version = version;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
{
- if (!name || !obj)
+ if (!obj || !sec_desc)
return NT_STATUS_INVALID_PARAMETER;
- *name = obj->name;
+ obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
+ if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
+NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
{
- if (!obj || !name)
+ if (!obj || !sid)
return NT_STATUS_INVALID_PARAMETER;
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
+ obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
+ if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
{
- if (!description || !obj)
+ if (!obj || !name)
return NT_STATUS_INVALID_PARAMETER;
- *description = obj->description;
+ obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
+ if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
}
return NT_STATUS_OK;
}
-/* User specific functions */
-
/*
NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
{
}
*/
-NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
+uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj)
{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return -1;
- *rid = obj->data.domain->next_rid;
- return NT_STATUS_OK;
+ return obj->data.domain->next_rid;
}
NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (!sid || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* User specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *sid = obj->data.user->group_sid;
- return NT_STATUS_OK;
+ return obj->data.user->group_sid;
}
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
+const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj)
{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
+ fstring p;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return data_blob(NULL, 0);
- obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+ smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->nt_pw.data), 0);
+ DEBUG(100, ("Reading NT Password=[%s]\n", p));
+
+ return obj->data.user->nt_pw;
}
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (!nt_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj)
+{
+ fstring p;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return data_blob(NULL, 0);
- *nt_pwd = &(obj->data.user->nt_pw);
- return NT_STATUS_OK;
+ smbpasswd_sethexpwd(p, (unsigned char *)(obj->data.user->lm_pw.data), 0);
+ DEBUG(100, ("Reading LM Password=[%s]\n", p));
+
+ return obj->data.user->lm_pw;
}
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
+const char *gums_get_user_fullname(const GUMS_OBJECT *obj)
{
- if (!obj || nt_pwd.length != NT_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
- return NT_STATUS_OK;
+ return obj->data.user->full_name;
}
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (!lm_pwd || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const char *gums_get_user_homedir(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- *lm_pwd = &(obj->data.user->lm_pw);
- return NT_STATUS_OK;
+ return obj->data.user->home_dir;
}
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
+const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj)
{
- if (!obj || lm_pwd.length != LM_HASH_LEN)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->dir_drive;
+}
- obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
- return NT_STATUS_OK;
+const char *gums_get_user_profile_path(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->profile_path;
}
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
+const char *gums_get_user_logon_script(const GUMS_OBJECT *obj)
{
- if (!fullname || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->logon_script;
+}
- *fullname = obj->data.user->full_name;
- return NT_STATUS_OK;
+const char *gums_get_user_workstations(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->workstations;
}
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
+const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj)
{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->unknown_str;
+}
- obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->munged_dial;
}
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
+NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj)
{
- if (!homedir || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->logon_time;
+}
- *homedir = obj->data.user->home_dir;
- return NT_STATUS_OK;
+NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->logoff_time;
}
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
+NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj)
{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->kickoff_time;
+}
- obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->pass_last_set_time;
}
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
+NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj)
{
- if (!dirdrive || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->pass_can_change_time;
+}
- *dirdrive = obj->data.user->dir_drive;
- return NT_STATUS_OK;
+NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
+ NTTIME null_time;
+ init_nt_time(&null_time);
+ return null_time;
+ }
+
+ return obj->data.user->pass_must_change_time;
}
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
+uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj)
{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->acct_ctrl;
+}
- obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
+
+ return obj->data.user->logon_divs;
}
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
+uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj)
{
- if (!logon_script || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->hours_len;
+}
- *logon_script = obj->data.user->logon_script;
- return NT_STATUS_OK;
+const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return NULL;
+
+ return obj->data.user->hours;
}
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
+uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj)
{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ return obj->data.user->unknown_3;
+}
- obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
+
+ return obj->data.user->bad_password_count;
}
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
+uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj)
{
- if (!profile_path || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- *profile_path = obj->data.user->profile_path;
- return NT_STATUS_OK;
+ return obj->data.user->logon_count;
}
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
+uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj)
{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
+ if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
+ return 0;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
+ return obj->data.user->unknown_6;
}
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
{
- if (!workstations || !obj)
+ if (!obj || !sid)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *workstations = obj->data.user->workstations;
+ obj->data.user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
+ if (!(obj->data.user->group_sid)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
+NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
{
- if (!obj || !workstations)
+ fstring p;
+ unsigned char r[16];
+
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
+
+ memcpy(r, nt_pwd.data, 16);
+ smbpasswd_sethexpwd(p, r, 0);
+ DEBUG(100, ("Setting NT Password=[%s]\n", p));
+
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
{
- if (!unknown_str || !obj)
+ fstring p;
+ unsigned char r[16];
+
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_str = obj->data.user->unknown_str;
+ obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
+
+ memcpy(r, lm_pwd.data, 16);
+ smbpasswd_sethexpwd(p, r, 0);
+ DEBUG(100, ("Setting LM Password=[%s]\n", p));
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
+NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
{
- if (!obj || !unknown_str)
+ if (!obj || !fullname)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
+ if (!(obj->data.user->full_name)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
{
- if (!munged_dial || !obj)
+ if (!obj || !homedir)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *munged_dial = obj->data.user->munged_dial;
+ obj->data.user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
+ if (!(obj->data.user->home_dir)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
+NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
{
- if (!obj || !munged_dial)
+ if (!obj || !dir_drive)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
+ if (!(obj->data.user->dir_drive)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logon_time(NTTIME *logon_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
{
- if (!logon_time || !obj)
+ if (!obj || !logon_script)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logon_time = obj->data.user->logon_time;
+ obj->data.user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
+ if (!(obj->data.user->logon_script)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
+NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
{
- if (!obj)
+ if (!obj || !profile_path)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->logon_time = logon_time;
+ obj->data.user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
+ if (!(obj->data.user->profile_path)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logoff_time(NTTIME *logoff_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
{
- if (!logoff_time || !obj)
+ if (!obj || !workstations)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logoff_time = obj->data.user->logoff_time;
+ obj->data.user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
+ if (!(obj->data.user->workstations)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
+NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
{
- if (!obj)
+ if (!obj || !unknown_str)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->logoff_time = logoff_time;
+ obj->data.user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
+ if (!(obj->data.user->unknown_str)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_kickoff_time(NTTIME *kickoff_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
{
- if (!kickoff_time || !obj)
+ if (!obj || !munged_dial)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *kickoff_time = obj->data.user->kickoff_time;
+ obj->data.user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
+ if (!(obj->data.user->munged_dial)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
+NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->kickoff_time = kickoff_time;
+ obj->data.user->logon_time = logon_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME *pass_last_set_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
{
- if (!pass_last_set_time || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_last_set_time = obj->data.user->pass_last_set_time;
+ obj->data.user->logoff_time = logoff_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
+NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->pass_last_set_time = pass_last_set_time;
+ obj->data.user->kickoff_time = kickoff_time;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME *pass_can_change_time, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
{
- if (!pass_can_change_time || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_can_change_time = obj->data.user->pass_can_change_time;
+ obj->data.user->pass_last_set_time = pass_last_set_time;
return NT_STATUS_OK;
}
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME *pass_must_change_time, const GUMS_OBJECT *obj)
-{
- if (!pass_must_change_time || !obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- *pass_must_change_time = obj->data.user->pass_must_change_time;
- return NT_STATUS_OK;
-}
-
NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
{
if (!obj)
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl)
{
- if (!logon_divs || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *logon_divs = obj->data.user->logon_divs;
+ obj->data.user->acct_ctrl = acct_ctrl;
return NT_STATUS_OK;
}
NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
{
- if (!obj || !logon_divs)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours)
{
- if (!hours_len || !obj)
+ if (!obj || !hours)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *hours_len = obj->data.user->hours_len;
+ obj->data.user->hours_len = hours_len;
+ if (hours_len == 0)
+ DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
+
+ obj->data.user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN);
+ if (!(obj->data.user->hours))
+ return NT_STATUS_NO_MEMORY;
+ if (hours_len)
+ memcpy(obj->data.user->hours, hours, hours_len);
+
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_hours_len(GUMS_OBJECT *obj, uint32 hours_len)
+NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
{
if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->hours_len = hours_len;
+ obj->data.user->unknown_3 = unknown_3;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count)
{
- if (!hours || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *hours = obj->data.user->hours;
+ obj->data.user->bad_password_count = bad_password_count;
return NT_STATUS_OK;
}
-/* WARNING: always set hours_len before hours */
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, const uint8 *hours)
+NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count)
{
- if (!obj || !hours)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (obj->data.user->hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->data.user->hours = (uint8 *)talloc_memdup(obj->mem_ctx, hours, obj->data.user->hours_len);
- if (!(obj->data.user->hours) & (obj->data.user->hours_len != 0)) return NT_STATUS_NO_MEMORY;
+ obj->data.user->logon_count = logon_count;
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown_3, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
{
- if (!unknown_3 || !obj)
+ if (!obj)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_3 = obj->data.user->unknown_3;
+ obj->data.user->unknown_6 = unknown_6;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* Group specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj)
+{
+ if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) {
+ *count = -1;
+ return NULL;
+ }
- obj->data.user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
+ *count = obj->data.group->count;
+ return obj->data.group->members;
}
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown_5, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
{
- if (!unknown_5 || !obj)
+ uint32 n;
+
+ if (!obj || ((count > 0) && !members))
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_GROUP &&
+ obj->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *unknown_5 = obj->data.user->unknown_5;
- return NT_STATUS_OK;
-}
+ obj->data.group->count = count;
-NTSTATUS gums_set_user_unknown_5(GUMS_OBJECT *obj, uint32 unknown_5)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
+ if (count) {
+ obj->data.group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
+ if (!(obj->data.group->members)) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->unknown_5 = unknown_5;
+ n = 0;
+ do {
+ sid_copy(&(obj->data.group->members[n]), &(members[n]));
+ n++;
+ } while (n < count);
+ } else {
+ obj->data.group->members = 0;
+ }
+
return NT_STATUS_OK;
}
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown_6, const GUMS_OBJECT *obj)
-{
- if (!unknown_6 || !obj)
- return NT_STATUS_INVALID_PARAMETER;
+/* Privilege specific functions */
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_OBJECT *obj)
+{
+ if (!obj || obj->type != GUMS_OBJ_PRIVILEGE)
+ return NULL;
- *unknown_6 = obj->data.user->unknown_6;
- return NT_STATUS_OK;
+ return obj->data.priv->privilege;
}
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
+const DOM_SID *gums_get_priv_members(int *count, const GUMS_OBJECT *obj)
{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!count || !obj || obj->type != GUMS_OBJ_PRIVILEGE) {
+ *count = -1;
+ return NULL;
+ }
- obj->data.user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
+ *count = obj->data.priv->count;
+ return obj->data.priv->members;
}
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
+NTSTATUS gums_set_priv_luid_attr(GUMS_OBJECT *obj, LUID_ATTR *luid_attr)
{
- if (!count || !members || !obj)
+ if (!luid_attr || !obj)
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_PRIVILEGE)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *count = obj->data.group->count;
- *members = *(obj->data.group->members);
+ obj->data.priv->privilege = (LUID_ATTR *)talloc_memdup(obj->mem_ctx, luid_attr, sizeof(LUID_ATTR));
+ if (!(obj->data.priv->privilege)) return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID **members)
+NTSTATUS gums_set_priv_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
{
uint32 n;
if (!obj || !members || !members)
return NT_STATUS_INVALID_PARAMETER;
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (obj->type != GUMS_OBJ_PRIVILEGE)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+ obj->data.priv->count = count;
+ obj->data.priv->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
+ if (!(obj->data.priv->members))
+ return NT_STATUS_NO_MEMORY;
- obj->data.group->count = count;
n = 0;
do {
- obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
- if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
+ sid_copy(&(obj->data.priv->members[n]), &(members[n]));
n++;
} while (n < count);
+
return NT_STATUS_OK;
}
/* data_store set functions */
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
+NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type)
{
TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
mem_ctx = talloc_init("commit_set");
if (mem_ctx == NULL)
return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
+
+ *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET));
+ if (*com_set == NULL) {
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
+ (*com_set)->mem_ctx = mem_ctx;
+ (*com_set)->type = type;
+ sid_copy(&((*com_set)->sid), sid);
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
+NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size)
{
GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ com_set->count = com_set->count + size;
+ if (com_set->count == size) { /* data set is empty*/
+ data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET));
} else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
}
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ com_set->data = data_set;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
+{
+ NTSTATUS ret;
+ GUMS_DATA_SET *data_set;
+ SEC_DESC *new_sec_desc;
+
+ if (!com_set || !sec_desc)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
+
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
+ new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc);
if (new_sec_desc == NULL)
return NT_STATUS_NO_MEMORY;
}
/*
-NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
LUID_ATTR *new_priv;
- if (!mem_ctx || !com_set)
+ if (!com_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
LUID_ATTR *new_priv;
- if (!mem_ctx || !com_set)
+ if (!com_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
+NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
PRIVILEGE_SET *new_priv_set;
- if (!mem_ctx || !com_set || !priv_set)
+ if (!com_set || !priv_set)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) {
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set)))
+ return ret;
+
+ if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set)))
+ return ret;
(SEC_DESC *)(data_set->data) = new_priv_set;
}
*/
-NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
+NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
char *new_str;
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
+ if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
+ new_str = talloc_strdup(com_set->mem_ctx, str);
if (new_str == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
+NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name)
{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, name);
}
-NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
+NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc)
{
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
+ return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc);
}
-NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
+NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name);
}
-NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
+NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir);
}
-NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
+NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, drive);
}
-NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
+NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script);
}
-NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
+NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path);
}
-NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
+NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, wks);
}
-NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
+NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str);
}
-NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
+NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
+ return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial);
}
-NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
+NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
NTTIME *new_time;
- if (!mem_ctx || !com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
+ if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
+ new_time = talloc(com_set->mem_ctx, sizeof(NTTIME));
if (new_time == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
+NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time);
}
-NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
+NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
}
-NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
+NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
}
-NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
+NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time);
}
-NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
+NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time);
}
-NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
+NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
{
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
+ return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time);
}
-NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
-NTSTATUS gums_cs_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(com_set, sids, count);
}
-NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(com_set, sids, count);
}
-NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
-NTSTATUS gums_ds_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
{
+ NTSTATUS ret;
GUMS_DATA_SET *data_set;
DOM_SID **new_sids;
int i;
- if (!mem_ctx || !com_set || !sids)
+ if (!com_set || !sids)
return NT_STATUS_INVALID_PARAMETER;
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
+ return ret;
- com_set->data[0] = data_set;
- data_set = ((com_set->data)[com_set->count - 1]);
+ data_set = &((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
if (new_sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
if (new_sids[i] == NULL)
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
-
NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
{
- return gums_storage->set_object_values(&(set->sid), set->count, set->data);
+ NTSTATUS ret;
+ GUMS_FUNCTIONS *fns;
+
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) {
+ DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n"));
+ return ret;
+ }
+ return fns->set_object_values(&(set->sid), set->count, set->data);
}
NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
#include "includes.h"
-extern GUMS_FUNCTIONS *gums_storage;
-
extern DOM_SID global_sid_World;
+extern DOM_SID global_sid_Builtin;
extern DOM_SID global_sid_Builtin_Administrators;
extern DOM_SID global_sid_Builtin_Power_Users;
extern DOM_SID global_sid_Builtin_Account_Operators;
/* defines */
#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
+#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0)
/****************************************************************************
Check if a user is a mapped group.
}
#endif
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void gums_init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = gums_add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (gums_check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!gums_check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- gums_init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- gums_init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
(READ_CONTROL_ACCESS | \
#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-#if 0
NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
{
DOM_SID *world = &global_sid_World;
return NT_STATUS_NO_MEMORY;
}
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
+ *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize);
if (!(*sec_desc)) {
DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
return NT_STATUS_NO_MEMORY;
return result;
}
-NTSTATUS gums_init_builtin_groups(void)
+NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description)
{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ NTSTATUS ret;
+ GUMS_OBJECT *go;
+ GUMS_FUNCTIONS *fns;
- /* Administrators * /
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
+ return ret;
- /* alloc group structure */
- g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
+ if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN)))
+ return ret;
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data.group;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
+ ret = gums_set_object_sid(go, sid);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
+ ret = gums_set_object_name(go, name);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
+ if (description) {
+ ret = gums_set_object_description(go, description);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
+ }
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ /* make security descriptor * /
+ ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
+ NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
+ */
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ ret = fns->set_object(go);
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
+done:
+ gums_destroy_object(&go);
+ return ret;
+}
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
+NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description)
+{
+ NTSTATUS ret;
+ GUMS_OBJECT *go;
+ GUMS_FUNCTIONS *fns;
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
+ if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
+ return ret;
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
+ if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS)))
+ return ret;
- /* make privilege set */
- /* SE_PRIV_??? */
+ ret = gums_set_object_sid(go, sid);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ ret = gums_set_object_name(go, name);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ if (description) {
+ ret = gums_set_object_description(go, description);
+ NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
+ }
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
+ /* make security descriptor * /
+ ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
+ NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
+ */
- /* Account Operators */
+ ret = fns->set_object(go);
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
+done:
+ gums_destroy_object(&go);
+ return ret;
+}
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
+NTSTATUS gums_init_domain(DOM_SID *sid, const char *name)
+{
+ NTSTATUS ret;
+
+ /* Add the weelknown Builtin Domain */
+ if (!NT_STATUS_IS_OK(ret = gums_make_domain(
+ sid,
+ name,
+ NULL
+ ))) {
+ return ret;
+ }
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+ /* Add default users and groups */
+ /* Administrator
+ Guest
+ Domain Administrators
+ Domain Users
+ Domain Guests
+ */
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ return ret;
+}
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
+NTSTATUS gums_init_builtin_domain(void)
+{
+ NTSTATUS ret;
- /* Server Operators */
+ generate_wellknown_sids();
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
+ /* Add the weelknown Builtin Domain */
+ if (!NT_STATUS_IS_OK(ret = gums_make_domain(
+ &global_sid_Builtin,
+ "BUILTIN",
+ "Builtin Domain"
+ ))) {
+ return ret;
+ }
- /* make privilege set */
+ /* Add the well known Builtin Local Groups */
+
+ /* Administrators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Administrators,
+ "Administrators",
+ "Members can fully administer the computer/domain"
+ ))) {
+ return ret;
+ }
+ /* Administrator privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
+ SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege,
+ SeSystemtimePrivilege, SeShutdownPrivilege,
+ SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege,
+ SeDebugPrivilege, SeSystemEnvironmentPrivilege,
+ SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege,
+ SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege,
+ SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* Power Users */
+ /* Domain Controllers Does NOT have Power Users (?) */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Power_Users,
+ "Power Users",
+ "Power Users"
+ ))) {
+ return ret;
+ }
- /* Print Operators */
+ /* Power Users privilege set */
+ /* (?) */
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
+ /* Account Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Account_Operators,
+ "Account Operators",
+ "Members can administer domain user and group accounts"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* Server Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Server_Operators,
+ "Server Operators",
+ "Members can administer domain servers"
+ ))) {
+ return ret;
+ }
- /* Backup Operators */
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege,
+ SeShutdownPrivilege, SeRemoteShutdownPrivilege
+ */
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
+ /* Print Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Print_Operators,
+ "Print Operators",
+ "Members can administer domain printers"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+ /* Backup Operators */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Backup_Operators,
+ "Backup Operators",
+ "Members can bypass file security to backup files"
+ ))) {
+ return ret;
+ }
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
+ */
/* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Replicator,
+ "Replicator",
+ "Supports file replication in a domain"
+ ))) {
+ return ret;
+ }
/* make privilege set */
/* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
+ SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
*/
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
/* Users */
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Users,
+ "Users",
+ "Ordinary users"
+ ))) {
+ return ret;
+ }
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
+ /* Users specific ACEs * /
+ sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ */
/* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
+ if (!NT_STATUS_IS_OK(ret = gums_make_alias(
+ &global_sid_Builtin_Guests,
+ "Guests",
+ "Users granted guest access to the computer/domain"
+ ))) {
+ return ret;
}
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
+ return ret;
}
-#endif
git.samba.org / ira / wip.git / commitdiff