#include "libcli/security/security.h"
#include "rpc_server/samr/proto.h"
#include "db_wrap.h"
+#include "param/param.h"
/* these query macros make samr_Query[User|Group]Info a bit easier to read */
r->out.info->field = samdb_result_uint(msg, attr, 0);
#define QUERY_RID(msg, field, attr) \
r->out.info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0);
-#define QUERY_NTTIME(msg, field, attr) \
- r->out.info->field = samdb_result_nttime(msg, attr, 0);
+#define QUERY_UINT64(msg, field, attr) \
+ r->out.info->field = samdb_result_uint64(msg, attr, 0);
#define QUERY_APASSC(msg, field, attr) \
r->out.info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \
a_state->domain_state->domain_dn, msg, attr);
struct ldb_message **dom_msgs,
struct samr_DomInfo2 *info)
{
- enum server_role role = lp_server_role();
+ enum server_role role = lp_server_role(global_loadparm);
/* This pulls the NetBIOS name from the
cn=NTDS Settings,cn=<NETBIOS name of PDC>,....
struct samr_DomInfo7 *info)
{
- enum server_role role = lp_server_role();
+ enum server_role role = lp_server_role(global_loadparm);
switch (role) {
case ROLE_DOMAIN_CONTROLLER:
QUERY_STRING(msg, info3.logon_script, "scriptPath");
QUERY_STRING(msg, info3.profile_path, "profilePath");
QUERY_STRING(msg, info3.workstations, "userWorkstations");
- QUERY_NTTIME(msg, info3.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info3.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info3.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info3.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info3.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info3.last_password_change, "pwdLastSet");
QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
QUERY_FPASSC(msg, info3.force_password_change, "pwdLastSet");
QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
QUERY_STRING(msg, info5.profile_path, "profilePath");
QUERY_STRING(msg, info5.description, "description");
QUERY_STRING(msg, info5.workstations, "userWorkstations");
- QUERY_NTTIME(msg, info5.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info5.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info5.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info5.last_logoff, "lastLogoff");
QUERY_LHOURS(msg, info5.logon_hours, "logonHours");
QUERY_UINT (msg, info5.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info5.logon_count, "logonCount");
- QUERY_NTTIME(msg, info5.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info5.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info5.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info5.acct_expiry, "accountExpires");
QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl");
break;
break;
case 17:
- QUERY_NTTIME(msg, info17.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info17.acct_expiry, "accountExpires");
+ break;
case 20:
QUERY_STRING(msg, info20.parameters, "userParameters");
break;
case 21:
- QUERY_NTTIME(msg, info21.last_logon, "lastLogon");
- QUERY_NTTIME(msg, info21.last_logoff, "lastLogoff");
- QUERY_NTTIME(msg, info21.last_password_change, "pwdLastSet");
- QUERY_NTTIME(msg, info21.acct_expiry, "accountExpires");
+ QUERY_UINT64(msg, info21.last_logon, "lastLogon");
+ QUERY_UINT64(msg, info21.last_logoff, "lastLogoff");
+ QUERY_UINT64(msg, info21.last_password_change, "pwdLastSet");
+ QUERY_UINT64(msg, info21.acct_expiry, "accountExpires");
QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
QUERY_FPASSC(msg, info21.force_password_change,"pwdLastSet");
QUERY_STRING(msg, info21.account_name, "sAMAccountName");
break;
case 21:
-#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info21.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info21.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
IFSET(SAMR_FIELD_COUNTRY_CODE)
SET_UINT (msg, info21.country_code, "countryCode");
IFSET(SAMR_FIELD_CODE_PAGE)
- SET_UINT (msg, info21.code_page, "codePage");
-
-
- /* Any reason the rest of these can't be set? */
+ SET_UINT (msg, info21.code_page, "codePage");
#undef IFSET
break;
case 23:
#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info23.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info23.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
case 25:
#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
+ IFSET(SAMR_FIELD_ACCT_EXPIRY)
+ SET_UINT64(msg, info25.info.acct_expiry, "accountExpires");
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info25.info.account_name, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
samdb_result_string(res[i], "description", "");
break;
case 2:
- if (!(samdb_result_acct_flags(res[i],
- "userAccountControl") & ACB_WSTRUST)) {
- /* Domain controllers match the
- * filter, but should not be included
- * in the output */
- continue;
- }
entriesFull[count].idx = count + 1;
entriesFull[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];