samrd/srv_samr_usr_tdb.o \
samrd/srv_samr_grp_tdb.o \
samrd/srv_samr_als_tdb.o \
- samrd/srv_samr_tdb.o
+ samrd/srv_samr_tdb.o \
+ samrd/samr_util.o
SAMRNT5LDAPLIB_OBJ = lib/util_pwdb.o lib/domain_namemap.o \
samrd/srv_samr_usr_nt5ldap.o \
samrd/srv_samr_dom_nt5ldap.o \
- samrd/srv_samr_nt5ldap.o
+ samrd/srv_samr_nt5ldap.o \
+ samrd/samr_util.o
# samrd/srv_samr_sam_nt5ldap.o \
# samrd/srv_samr_grp_nt5ldap.o \
# samrd/srv_samr_als_nt5ldap.o \
SAMRPASSLIB_OBJ = rpc_server/srv_lookup.o \
samrd/srv_samr_passdb.o \
- smbd/chgpasswd.o
+ smbd/chgpasswd.o \
+ samrd/samr_util.o
SAMRD_OBJ1 = samrd/samrd.o \
rpc_server/srv_pipe_ntlmssp.o \
lib/sursalgnt5ldap.o \
lib/surstdb.o
-SAMRD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAM_PWDB_LIB) $(LIBSURS)
+SAMRD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAM_PWDB_LIB) \
+ $(LIBSURS)
-SAMRPASSD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRPASSLIB) $(SMBPWLIB)
+SAMRPASSD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRPASSLIB) $(SMBPWLIB) \
+ $(LIBSURS)
-SAMRTDBD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRTDBLIB)
+SAMRTDBD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRTDBLIB) \
+ $(LIBSURS)
-SAMRNT5LDAPD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRNT5LDAPLIB)
+SAMRNT5LDAPD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRNT5LDAPLIB) \
+ $(LIBSURS)
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \
extern DOM_SID global_sid_S_1_5; /* NT Authority */
extern DOM_SID global_sid_system; /* SYSTEM */
+extern const DOM_SID *global_sid_everyone;
+
#endif /* _SIDS_H */
Unix SMB/Netbios implementation.
Version 1.9.
Samba utility functions
- Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Andrew Tridgell 1992-2000,
+ Copyright (C) Elrond 2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
DOM_SID global_sid_system; /* NT System */
DOM_SID global_sid_S_1_1_0; /* everyone */
+const DOM_SID *global_sid_everyone = NULL;
+
struct sid_map
{
DOM_SID *sid;
string_to_sid(&global_sid_S_1_3 , "S-1-3" );
string_to_sid(&global_sid_S_1_5 , "S-1-5" );
string_to_sid(&global_sid_system , "S-1-5-17");
+
+ global_sid_everyone = &global_sid_S_1_1_0;
}
/****************************************************************************
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-2000,
* Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ * Copyright (C) Elrond 2000
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
if (p && p->open)
{
- DEBUG(3,("Setting policy state pnum=%x\n", p->pnum));
+ DEBUG(3, ("policy(pnum=%x %s): Setting policy state\n",
+ p->pnum, pol_get_name(p)));
p->dev = dev;
p->free_fn = fn;
pstrcat(sidstr_out, subauth);
}
- DEBUG(7,("sid_to_string returning %s\n", sidstr_out));
+ DEBUG(20, ("sid_to_string returning %s\n", sidstr_out));
return sidstr_out;
}
NT Domain Authentication SMB / MSRPC client
Copyright (C) Andrew Tridgell 1994-2000
Copyright (C) Luke Kenneth Casson Leighton 1996-2000
+ Copyright (C) Elrond 2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
SAMR_R_ENUM_DOM_GROUPS r_e;
BOOL p;
+ ZERO_STRUCT(r_e);
+
samr_io_r_enum_dom_groups("", &r_e, &rdata, 0);
status = r_e.status;
prs_init(&rdata, 0, 4, True );
/* store the parameters */
- make_samr_q_query_useraliases(&q_o, pol, ptr_sid, sid);
+ make_samr_q_query_useraliases(&q_o, pol, 1, ptr_sid, sid);
/* turn parameters into data stream */
if (samr_io_q_query_useraliases("", &q_o, &data, 0) &&
* Unix SMB/Netbios implementation.
* Version 1.9.
* RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1999,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1999,
- * Copyright (C) Paul Ashton 1997-1999.
+ * Copyright (C) Andrew Tridgell 1992-2000,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ * Copyright (C) Paul Ashton 1997-2000,
+ * Copyright (C) Elrond 2000
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
DEBUG(5,("samr_make_samr_q_query_sec_obj\n"));
- memcpy(&q_u->user_pol, user_pol, sizeof(q_u->user_pol));
+ q_u->user_pol = *user_pol;
q_u->sec_info = sec_info;
return True;
DEBUG(5,("samr_make_samr_q_query_dom_info\n"));
- memcpy(&q_u->domain_pol, domain_pol, sizeof(q_u->domain_pol));
+ q_u->domain_pol = *domain_pol;
q_u->switch_value = switch_value;
return True;
prs_align(ps);
- smb_io_unistr2("unistr2", &(sam->uni_acct_name), acct_buf, ps, depth); /* account name unicode string */
+ smb_io_unistr2("name", &(sam->uni_acct_name), acct_buf, ps, depth); /* account name unicode string */
prs_align(ps);
- smb_io_unistr2("unistr2", &(sam->uni_full_name), name_buf, ps, depth); /* full name unicode string */
+ smb_io_unistr2("full_name", &(sam->uni_full_name), name_buf, ps, depth); /* full name unicode string */
prs_align(ps);
- smb_io_unistr2("unistr2", &(sam->uni_acct_desc), desc_buf, ps, depth); /* account desc unicode string */
+ smb_io_unistr2("desc", &(sam->uni_acct_desc), desc_buf, ps, depth); /* account desc unicode string */
prs_align(ps);
return True;
DEBUG(5,("make_samr_q_enum_dom_users\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->start_idx = start_idx; /* zero indicates lots */
q_e->acb_mask = acb_mask;
DEBUG(5,("make_samr_q_query_dispinfo\n"));
- memcpy(&(q_e->domain_pol), pol, sizeof(*pol));
+ q_e->domain_pol = *pol;
q_e->switch_level = switch_level;
DEBUG(5,("make_samr_q_open_group\n"));
- memcpy(&(q_c->domain_pol), hnd, sizeof(q_c->domain_pol));
+ q_c->domain_pol = *hnd;
q_c->access_mask = access_mask;
q_c->rid_group = rid;
DEBUG(5,("make_samr_q_create_dom_group\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
make_uni_hdr(&(q_e->hdr_acct_desc), acct_len);
make_unistr2(&(q_e->uni_acct_desc), acct_desc, acct_len);
DEBUG(5,("make_samr_q_delete_dom_group\n"));
- memcpy(&(q_c->group_pol), hnd, sizeof(q_c->group_pol));
+ q_c->group_pol = *hnd;
return True;
}
DEBUG(5,("make_samr_q_del_groupmem\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->rid = rid;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
DEBUG(5,("make_samr_q_add_groupmem\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->rid = rid;
q_e->unknown = 0x0005;
DEBUG(5,("make_samr_q_set_groupinfo\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->ctr = ctr;
return True;
DEBUG(5,("make_samr_q_query_groupinfo\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->switch_level = switch_level;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
DEBUG(5,("make_samr_q_query_groupmem\n"));
- memcpy(&(q_c->group_pol), hnd, sizeof(q_c->group_pol));
+ q_c->group_pol = *hnd;
return True;
}
/*******************************************************************
makes a SAMR_Q_ENUM_DOMAINS structure.
********************************************************************/
-BOOL make_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS *q_e, POLICY_HND *pol,
- uint32 start_idx, uint32 size)
+BOOL make_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS *q_e,
+ const POLICY_HND *pol,
+ uint32 start_idx, uint32 size)
{
if (q_e == NULL || pol == NULL) return False;
DEBUG(5,("make_samr_q_enum_domains\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->start_idx = start_idx;
q_e->max_size = size;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
return True;
}
+
/*******************************************************************
makes a SAMR_Q_ENUM_DOM_GROUPS structure.
********************************************************************/
-BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
- uint32 start_idx, uint32 size)
+BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e,
+ const POLICY_HND *pol,
+ uint32 start_idx, uint32 size)
{
if (q_e == NULL || pol == NULL) return False;
DEBUG(5,("make_samr_q_enum_dom_groups\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->start_idx = start_idx;
q_e->max_size = size;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
DEBUG(5,("make_samr_q_enum_dom_aliases\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->start_idx = start_idx;
q_e->max_size = size;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
makes a SAMR_Q_QUERY_ALIASINFO structure.
********************************************************************/
BOOL make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e,
- POLICY_HND *pol,
- uint16 switch_level)
+ const POLICY_HND *pol, uint16 switch_level)
{
if (q_e == NULL || pol == NULL) return False;
DEBUG(5,("make_samr_q_query_aliasinfo\n"));
- memcpy(&(q_e->pol), pol, sizeof(*pol));
+ q_e->pol = *pol;
q_e->switch_level = switch_level;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
return True;
}
-
/*******************************************************************
makes a SAMR_R_QUERY_ALIASINFO structure.
********************************************************************/
-BOOL make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, ALIAS_INFO_CTR *ctr,
- uint32 status)
+BOOL make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u,
+ ALIAS_INFO_CTR *ctr, uint32 status)
{
if (r_u == NULL) return False;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
/*******************************************************************
makes a SAMR_Q_SET_ALIASINFO structure.
********************************************************************/
-BOOL make_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO *q_u, POLICY_HND *hnd,
- ALIAS_INFO_CTR *ctr)
+BOOL make_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO *q_u,
+ const POLICY_HND *hnd,
+ ALIAS_INFO_CTR *ctr)
{
if (q_u == NULL) return False;
DEBUG(5,("make_samr_q_set_aliasinfo\n"));
- memcpy(&(q_u->alias_pol), hnd, sizeof(q_u->alias_pol));
+ q_u->alias_pol = *hnd;
q_u->ctr = ctr;
return True;
}
-
/*******************************************************************
reads or writes a structure.
********************************************************************/
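Review bot: `make_samr_q_set_aliasinfo` dereferences `hnd` in the new `q_u->alias_pol = *hnd;`, but its guard only tests `q_u`. The sibling builders in this file (`make_samr_q_query_aliasinfo`, `make_samr_q_enum_domains`, `make_samr_q_enum_dom_groups`) reject a NULL handle before copying it. For consistency, and to avoid a NULL dereference, the guard should read `if (q_u == NULL || hnd == NULL) return False;`.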
}
-
/*******************************************************************
makes a SAMR_Q_QUERY_USERALIASES structure.
********************************************************************/
BOOL make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
- const POLICY_HND *hnd,
- uint32 *ptr_sid, DOM_SID2 *sid)
+ const POLICY_HND *hnd,
+ uint32 num_sids,
+ uint32 *ptr_sid, DOM_SID2 *sid)
{
if (q_u == NULL || hnd == NULL) return False;
DEBUG(5,("make_samr_q_query_useraliases\n"));
- memcpy(&(q_u->pol), hnd, sizeof(q_u->pol));
+ q_u->pol = *hnd;
- q_u->num_sids1 = 1;
+ q_u->num_sids1 = num_sids;
q_u->ptr = 1;
- q_u->num_sids2 = 1;
+ q_u->num_sids2 = num_sids;
q_u->ptr_sid = ptr_sid;
q_u->sid = sid;
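Review bot: The new `num_sids` parameter is written to both `num_sids1` and `num_sids2`, but nothing ties it to the `ptr_sid` and `sid` arrays, which are stored by pointer rather than copied. A caller passing a count larger than the arrays would make the marshalling code read past them, so the contract should be stated on the function. I would add to the header comment: `ptr_sid and sid must each hold at least num_sids entries and must stay valid until q_u has been marshalled`. The function body continues past the end of this hunk.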
extern int DEBUGLEVEL;
-extern fstring global_sam_name;
-extern pstring global_myname;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_1;
-extern DOM_SID global_sid_S_1_5_20;
-
/*******************************************************************
api_samr_close_hnd
********************************************************************/
}
r_u.status = _samr_query_sec_obj(&q_u.user_pol, &r_u.buf);
+ if (r_u.buf.len == 0)
+ {
+ return False;
+ }
r_u.ptr = 1; /* man, we don't have any choice! NT bombs otherwise! */
return samr_io_r_query_sec_obj("", &r_u, rdata, 0);
}
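Review bot: The added test reads `r_u.buf.len` without looking at `r_u.status` first. On the failure paths of `_samr_query_sec_obj` (for example the `NT_STATUS_INVALID_HANDLE` return visible elsewhere in this commit) the callee never fills in `buf`. Unless `r_u` is zeroed above this hunk, which is not visible here, the comparison works on an indeterminate value. Returning `False` also drops the status instead of marshalling it back to the client. I would test the status first, e.g. `if (r_u.status == NT_STATUS_NOPROBLEMO && r_u.buf.len == 0)`, and make sure `r_u` is cleared with `ZERO_STRUCT(r_u);` before the call.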
sid_to_string(sid, &sid1);
fstrcpy(domain, info->dom.level5_dom);
- if (sid1.num_auths == 0)
- {
- if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) != 0x0)
- {
- report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
- return;
- }
- }
-
- while ((opt = getopt(argc, argv, "ma")) != EOF)
+ while ((opt = getopt(argc, argv, "mad:")) != EOF)
{
switch (opt)
{
+ case 'd':
+ {
+ fill_domain_sid(srv_name, optarg,
+ domain, &sid1);
+ break;
+ }
case 'm':
{
request_member_info = True;
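Review bot: Nothing in the new `case 'd':` checks whether `fill_domain_sid` actually resolved the name in `optarg`. Its definition is not in this hunk. If it can fail and leave `sid1` unchanged or empty, the command would go on to enumerate the default or first domain without telling the user that the name given to -d was ignored. If the helper returns a status, test it here and `report()` the failure before returning.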
}
}
+ if (sid1.num_auths == 0)
+ {
+ if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) != 0x0)
+ {
+ report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
+ return;
+ }
+ }
+
report(out_hnd, "SAM Enumerate Aliases\n");
msrpc_sam_enum_aliases(srv_name, domain, &sid1,
*/
#include "includes.h"
+#include "rpcclient.h"
/****************************************************************************
convert a security permissions into a string
****************************************************************************/
-char *get_sec_mask_str(uint32 type)
+static const char *get_sec_mask_str(uint32 type)
{
static fstring typestr;
int i;
/****************************************************************************
display sec_access structure
****************************************************************************/
-void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *const info)
+static void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *const info)
{
switch (action)
{
/****************************************************************************
display sec_ace structure
****************************************************************************/
-void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace)
+static void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace)
{
switch (action)
{
{
fstring sid_str;
+ report(out_hnd,
+ "\t\tType:%2x Flags:%2x Perms:%04x\n",
+ ace->type, ace->flags,
+ (uint32) ace->info.mask);
+
display_sec_access(out_hnd, ACTION_HEADER , &ace->info);
display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info);
display_sec_access(out_hnd, ACTION_FOOTER , &ace->info);
/****************************************************************************
display sec_acl structure
****************************************************************************/
-void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *const sec_acl)
+static void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *const sec_acl)
{
if (sec_acl == NULL)
{
--- /dev/null
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-2000,
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
+ * Copyright (C) Sander Striker 2000,
+ * Copyright (C) Elrond 2000
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+#include "rpc_parse.h"
+#include "nterr.h"
+#include "sids.h"
+
+extern int DEBUGLEVEL;
+
+
+/*******************************************************************
+ samr_make_usr_obj_sd
+ ********************************************************************/
+uint32 samr_make_usr_obj_sd(SEC_DESC_BUF *buf, DOM_SID *usr_sid)
+{
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+ DOM_SID glb_sid;
+
+ SEC_ACL *dacl = NULL;
+ SEC_ACE *dace = NULL;
+ SEC_ACCESS mask;
+ SEC_DESC *sec = NULL;
+ int len;
+
+ DEBUG(15, ("samr_make_usr_obj_sd: %d\n", __LINE__));
+
+ dacl = malloc(sizeof(*dacl));
+ dace = malloc(4 * sizeof(*dace));
+ sec = malloc(sizeof(*sec));
+
+ if (dacl == NULL || dace == NULL || sec == NULL)
+ {
+ safe_free(dacl);
+ safe_free(dace);
+ safe_free(sec);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sid_copy(&adm_sid, &global_sid_S_1_5_20);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(&act_sid, &global_sid_S_1_5_20);
+ sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ sid_copy(&glb_sid, global_sid_everyone);
+
+ mask.mask = 0x2035b;
+ make_sec_ace(&dace[0], &glb_sid, 0, mask, 0);
+ mask.mask = 0xf07ff;
+ make_sec_ace(&dace[1], &adm_sid, 0, mask, 0);
+ make_sec_ace(&dace[2], &act_sid, 0, mask, 0);
+ mask.mask = 0x20044;
+ make_sec_ace(&dace[3], usr_sid, 0, mask, 0);
+
+ make_sec_acl(dacl, 2, 4, dace);
+
+ len = make_sec_desc(sec, 1,
+ SEC_DESC_DACL_PRESENT|SEC_DESC_SELF_RELATIVE,
+ NULL, NULL, NULL, dacl);
+
+ make_sec_desc_buf(buf, len, sec);
+ buf->undoc = 0x1;
+
+ return NT_STATUS_NOPROBLEMO;
+}
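Review bot: `samr_make_usr_obj_sd` passes `global_sid_everyone`, `usr_sid` and `buf` to `sid_copy`, `make_sec_ace` and `make_sec_desc_buf` without checking any of them. `global_sid_everyone` is a pointer that this commit initialises to NULL and only sets in the SID setup routine, so a call made before that setup would dereference NULL. A guard ahead of the three `malloc` calls would cover this, e.g. `if (buf == NULL || usr_sid == NULL || global_sid_everyone == NULL) return NT_STATUS_INVALID_PARAMETER;`. The access masks `0x2035b`, `0xf07ff` and `0x20044` also deserve one comment each naming the rights they grant. The DACL differs from the three-entry one removed from `_samr_query_sec_obj` in this commit, because Account Operators now get the same `0xf07ff` mask as Administrators and the Everyone ACE moves to the front, so a comment should state that this is intended. The header comment should also say who frees `dacl`, `dace` and `sec` once they are handed to `make_sec_desc_buf`.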
return NT_STATUS_ACCESS_DENIED;
}
+ policy_hnd_set_name(get_global_hnd_cache(), domain_pol, "domain_pol");
+
/* associate the domain SID with the (unique) handle. */
if (!set_tdbdomsid(get_global_hnd_cache(), domain_pol,
NULL, NULL, NULL, NULL, NULL, sid))
********************************************************************/
uint32 _samr_close(POLICY_HND *hnd)
{
- /* set up the SAMR unknown_1 response */
-
/* close the policy handle */
if (close_policy_hnd(get_global_hnd_cache(), hnd))
{
- bzero(hnd, sizeof(*hnd));
return NT_STATUS_NOPROBLEMO;
}
return NT_STATUS_OBJECT_NAME_INVALID;
#endif
DEBUG(5,("samr_query_sec_obj: %d\n", __LINE__));
- return NT_STATUS_NOPROBLEMO;
+ return samr_make_usr_obj_sd(buf, &usr_sid);
}
/*******************************************************************
return NT_STATUS_ACCESS_DENIED;
}
+ policy_hnd_set_name(get_global_hnd_cache(), pol, "sam_connect");
+
become_root(True);
sam_tdb = tdb_open(passdb_path("sam.tdb"), 0, 0, O_RDONLY, 0644);
unbecome_root(True);
{
uint32 rid;
DOM_SID usr_sid;
- DOM_SID adm_sid;
- DOM_SID glb_sid;
TDB_CONTEXT *tdb = NULL;
- SEC_ACL *dacl = NULL;
- SEC_ACE *dace = NULL;
- SEC_ACCESS mask;
- SEC_DESC *sec = NULL;
- int len;
/* find the policy handle. open a policy on it. */
if (!get_tdbrid(get_global_hnd_cache(), pol, &tdb, NULL, NULL, &rid))
return NT_STATUS_INVALID_HANDLE;
}
- dacl = malloc(sizeof(*dacl));
- dace = malloc(3 * sizeof(*dace));
- sec = malloc(sizeof(*sec));
-
- if (dacl == NULL || dace == NULL || sec == NULL)
- {
- safe_free(dacl);
- safe_free(dace);
- safe_free(sec);
- return NT_STATUS_NO_MEMORY;
- }
-
sid_copy(&usr_sid, &global_sam_sid);
sid_append_rid(&usr_sid, rid);
- sid_copy(&adm_sid, &global_sid_S_1_5_20);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-
- sid_copy(&glb_sid, &global_sid_S_1_1);
- sid_append_rid(&glb_sid, 0x0);
-
-
- mask.mask = 0x20044;
- make_sec_ace(&dace[0], &usr_sid, 0, mask, 0);
- mask.mask = 0xf07ff;
- make_sec_ace(&dace[1], &adm_sid, 0, mask, 0);
- mask.mask = 0x2035b;
- make_sec_ace(&dace[2], &glb_sid, 0, mask, 0);
-
- make_sec_acl(dacl, 2, 3, dace);
-
- len = make_sec_desc(sec, 1,
- SEC_DESC_DACL_PRESENT|SEC_DESC_SELF_RELATIVE,
- NULL, NULL, NULL, dacl);
-
- make_sec_desc_buf(buf, len, sec);
- buf->undoc = 0x1;
-
DEBUG(5,("samr_query_sec_obj: %d\n", __LINE__));
- return NT_STATUS_NOPROBLEMO;
+ return samr_make_usr_obj_sd(buf, &usr_sid);;
}
}
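Review bot: The new return statement ends in a stray second semicolon, `return samr_make_usr_obj_sd(buf, &usr_sid);;`. It compiles as an empty statement, but it trips unreachable-code warnings. It should read `return samr_make_usr_obj_sd(buf, &usr_sid);`, as the other backend changed in this commit already does.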
TDB_SAM_INFO;
+
+#define POL_TYPE_TDBRID 1
+#define POL_TYPE_TDBSAM 2
+
+
static void free_tdbdom_info(void *dev)
{
TDB_DOM_INFO *tdbi = (TDB_DOM_INFO *) dev;
(void *)dev))
{
DEBUG(3, ("Service setting policy rid=%x\n", rid));
+ policy_hnd_set_state_type(cache, hnd,
+ POL_TYPE_TDBRID);
return True;
}
free(dev);
TDB_CONTEXT ** usr_tdb,
TDB_CONTEXT ** grp_tdb, TDB_CONTEXT ** als_tdb, uint32 * rid)
{
- TDB_RID_INFO *dev =
- (TDB_RID_INFO *) get_policy_state_info(cache, hnd);
+ TDB_RID_INFO *dev;
+
+ if (!policy_hnd_check_state_type(cache, hnd, POL_TYPE_TDBRID))
+ {
+ DEBUG(1, ("WARNING: get_tdbrid: handle has wrong type!\n"));
+ }
+
+ dev = (TDB_RID_INFO *) get_policy_state_info(cache, hnd);
if (dev != NULL)
{
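Review bot: When `policy_hnd_check_state_type` fails in `get_tdbrid`, the new code only logs a warning and then still casts the state of a handle of another type to `TDB_RID_INFO *` and uses it. A client that presents, say, a connect handle where a user handle is expected would have its state read through the wrong struct layout. The type tag is only useful if the mismatch is fatal, so add `return False;` after the `DEBUG(1, ...)` line inside the `if`. The same applies to the identical check added to `get_tdbsam`. This assumes every setter for these handle kinds records the type, as `set_tdbrid` and `set_tdbsam` do in this commit. The rest of both functions lies outside the hunks.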
BOOL set_tdbsam(struct policy_cache *cache, POLICY_HND *hnd,
TDB_CONTEXT * tdb)
{
- pstring sidstr;
TDB_SAM_INFO *dev = malloc(sizeof(*dev));
if (dev != NULL)
if (set_policy_state
(cache, hnd, free_tdbsam_info, (void *)dev))
{
- DEBUG(3, ("Service setting policy sid=%s\n", sidstr));
+ DEBUG(3, ("Service setting policy sam\n"));
+ policy_hnd_set_state_type(cache, hnd,
+ POL_TYPE_TDBSAM);
return True;
}
free(dev);
BOOL get_tdbsam(struct policy_cache *cache, const POLICY_HND *hnd,
TDB_CONTEXT ** tdb)
{
- TDB_SAM_INFO *dev =
- (TDB_SAM_INFO *) get_policy_state_info(cache, hnd);
+ TDB_SAM_INFO *dev;
+
+ if (!policy_hnd_check_state_type(cache, hnd, POL_TYPE_TDBSAM))
+ {
+ DEBUG(1, ("WARNING: get_tdbsam: handle has wrong type!\n"));
+ }
+
+ dev = (TDB_SAM_INFO *) get_policy_state_info(cache, hnd);
if (dev != NULL)
{
return NT_STATUS_ACCESS_DENIED;
}
+ policy_hnd_set_name(get_global_hnd_cache(), pol, "sam_user");
+
if (usr_tdb == NULL && ace_perms == SEC_RIGHTS_MAXIMUM_ALLOWED)
{
DEBUG(10, ("samr_open_user_tdb: max perms requested\n"));