s3-samr: fix _samr_LookupNames return code.
[kai/samba.git] / source3 / rpc_server / srv_samr_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell                   1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton      1996-1997,
6  *  Copyright (C) Paul Ashton                       1997,
7  *  Copyright (C) Marc Jacobsen                     1999,
8  *  Copyright (C) Jeremy Allison                    2001-2008,
9  *  Copyright (C) Jean Fran├žois Micouleau           1998-2001,
10  *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2002,
11  *  Copyright (C) Gerald (Jerry) Carter             2003-2004,
12  *  Copyright (C) Simo Sorce                        2003.
13  *  Copyright (C) Volker Lendecke                   2005.
14  *  Copyright (C) Guenther Deschner                 2008.
15  *
16  *  This program is free software; you can redistribute it and/or modify
17  *  it under the terms of the GNU General Public License as published by
18  *  the Free Software Foundation; either version 3 of the License, or
19  *  (at your option) any later version.
20  *
21  *  This program is distributed in the hope that it will be useful,
22  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
23  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24  *  GNU General Public License for more details.
25  *
26  *  You should have received a copy of the GNU General Public License
27  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
28  */
29
30 /*
31  * This is the implementation of the SAMR code.
32  */
33
34 #include "includes.h"
35
36 #undef DBGC_CLASS
37 #define DBGC_CLASS DBGC_RPC_SRV
38
39 #define SAMR_USR_RIGHTS_WRITE_PW \
40                 ( READ_CONTROL_ACCESS           | \
41                   SAMR_USER_ACCESS_CHANGE_PASSWORD      | \
42                   SAMR_USER_ACCESS_SET_LOC_COM)
43 #define SAMR_USR_RIGHTS_CANT_WRITE_PW \
44                 ( READ_CONTROL_ACCESS | SAMR_USER_ACCESS_SET_LOC_COM )
45
46 #define DISP_INFO_CACHE_TIMEOUT 10
47
48 #define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
49 #define MAX_SAM_ENTRIES_W95 50
50
51 typedef struct disp_info {
52         DOM_SID sid; /* identify which domain this is. */
53         bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
54         struct pdb_search *users; /* querydispinfo 1 and 4 */
55         struct pdb_search *machines; /* querydispinfo 2 */
56         struct pdb_search *groups; /* querydispinfo 3 and 5, enumgroups */
57         struct pdb_search *aliases; /* enumaliases */
58
59         uint16 enum_acb_mask;
60         struct pdb_search *enum_users; /* enumusers with a mask */
61
62         struct timed_event *cache_timeout_event; /* cache idle timeout
63                                                   * handler. */
64 } DISP_INFO;
65
66 /* We keep a static list of these by SID as modern clients close down
67    all resources between each request in a complete enumeration. */
68
69 struct samr_info {
70         /* for use by the \PIPE\samr policy */
71         DOM_SID sid;
72         bool builtin_domain; /* Quick flag to check if this is the builtin domain. */
73         uint32 status; /* some sort of flag.  best to record it.  comes from opnum 0x39 */
74         uint32 acc_granted;
75         DISP_INFO *disp_info;
76         TALLOC_CTX *mem_ctx;
77 };
78
79 static const struct generic_mapping sam_generic_mapping = {
80         GENERIC_RIGHTS_SAM_READ,
81         GENERIC_RIGHTS_SAM_WRITE,
82         GENERIC_RIGHTS_SAM_EXECUTE,
83         GENERIC_RIGHTS_SAM_ALL_ACCESS};
84 static const struct generic_mapping dom_generic_mapping = {
85         GENERIC_RIGHTS_DOMAIN_READ,
86         GENERIC_RIGHTS_DOMAIN_WRITE,
87         GENERIC_RIGHTS_DOMAIN_EXECUTE,
88         GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
89 static const struct generic_mapping usr_generic_mapping = {
90         GENERIC_RIGHTS_USER_READ,
91         GENERIC_RIGHTS_USER_WRITE,
92         GENERIC_RIGHTS_USER_EXECUTE,
93         GENERIC_RIGHTS_USER_ALL_ACCESS};
94 static const struct generic_mapping usr_nopwchange_generic_mapping = {
95         GENERIC_RIGHTS_USER_READ,
96         GENERIC_RIGHTS_USER_WRITE,
97         GENERIC_RIGHTS_USER_EXECUTE & ~SAMR_USER_ACCESS_CHANGE_PASSWORD,
98         GENERIC_RIGHTS_USER_ALL_ACCESS};
99 static const struct generic_mapping grp_generic_mapping = {
100         GENERIC_RIGHTS_GROUP_READ,
101         GENERIC_RIGHTS_GROUP_WRITE,
102         GENERIC_RIGHTS_GROUP_EXECUTE,
103         GENERIC_RIGHTS_GROUP_ALL_ACCESS};
104 static const struct generic_mapping ali_generic_mapping = {
105         GENERIC_RIGHTS_ALIAS_READ,
106         GENERIC_RIGHTS_ALIAS_WRITE,
107         GENERIC_RIGHTS_ALIAS_EXECUTE,
108         GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
109
110 /*******************************************************************
111 *******************************************************************/
112
113 static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size,
114                                      const struct generic_mapping *map,
115                                      DOM_SID *sid, uint32 sid_access )
116 {
117         DOM_SID domadmin_sid;
118         SEC_ACE ace[5];         /* at most 5 entries */
119         size_t i = 0;
120
121         SEC_ACL *psa = NULL;
122
123         /* basic access for Everyone */
124
125         init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
126                         map->generic_execute | map->generic_read, 0);
127
128         /* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
129
130         init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
131                         SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
132         init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators,
133                         SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
134
135         /* Add Full Access for Domain Admins if we are a DC */
136
137         if ( IS_DC ) {
138                 sid_copy( &domadmin_sid, get_global_sam_sid() );
139                 sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
140                 init_sec_ace(&ace[i++], &domadmin_sid,
141                         SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
142         }
143
144         /* if we have a sid, give it some special access */
145
146         if ( sid ) {
147                 init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0);
148         }
149
150         /* create the security descriptor */
151
152         if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) == NULL)
153                 return NT_STATUS_NO_MEMORY;
154
155         if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
156                                   SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
157                                   psa, sd_size)) == NULL)
158                 return NT_STATUS_NO_MEMORY;
159
160         return NT_STATUS_OK;
161 }
162
163 /*******************************************************************
164  Checks if access to an object should be granted, and returns that
165  level of access for further checks.
166 ********************************************************************/
167
168 static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
169                                           SE_PRIV *rights, uint32 rights_mask,
170                                           uint32 des_access, uint32 *acc_granted,
171                                           const char *debug )
172 {
173         NTSTATUS status = NT_STATUS_ACCESS_DENIED;
174         uint32 saved_mask = 0;
175
176         /* check privileges; certain SAM access bits should be overridden
177            by privileges (mostly having to do with creating/modifying/deleting
178            users and groups) */
179
180         if ( rights && user_has_any_privilege( token, rights ) ) {
181
182                 saved_mask = (des_access & rights_mask);
183                 des_access &= ~saved_mask;
184
185                 DEBUG(4,("access_check_samr_object: user rights access mask [0x%x]\n",
186                         rights_mask));
187         }
188
189
190         /* check the security descriptor first */
191
192         status = se_access_check(psd, token, des_access, acc_granted);
193         if (NT_STATUS_IS_OK(status)) {
194                 goto done;
195         }
196
197         /* give root a free pass */
198
199         if ( geteuid() == sec_initial_uid() ) {
200
201                 DEBUG(4,("%s: ACCESS should be DENIED  (requested: %#010x)\n", debug, des_access));
202                 DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
203
204                 *acc_granted = des_access;
205
206                 status = NT_STATUS_OK;
207                 goto done;
208         }
209
210
211 done:
212         /* add in any bits saved during the privilege check (only
213            matters is status is ok) */
214
215         *acc_granted |= rights_mask;
216
217         DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
218                 debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
219                 des_access, *acc_granted));
220
221         return status;
222 }
223
224 /*******************************************************************
225  Checks if access to a function can be granted
226 ********************************************************************/
227
228 static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
229 {
230         DEBUG(5,("%s: access check ((granted: %#010x;  required: %#010x)\n",
231                 debug, acc_granted, acc_required));
232
233         /* check the security descriptor first */
234
235         if ( (acc_granted&acc_required) == acc_required )
236                 return NT_STATUS_OK;
237
238         /* give root a free pass */
239
240         if (geteuid() == sec_initial_uid()) {
241
242                 DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x;  required: %#010x)\n",
243                         debug, acc_granted, acc_required));
244                 DEBUGADD(4,("but overwritten by euid == 0\n"));
245
246                 return NT_STATUS_OK;
247         }
248
249         DEBUG(2,("%s: ACCESS DENIED (granted: %#010x;  required: %#010x)\n",
250                 debug, acc_granted, acc_required));
251
252         return NT_STATUS_ACCESS_DENIED;
253 }
254
255 /*******************************************************************
256  Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
257 ********************************************************************/
258
259 static void map_max_allowed_access(const NT_USER_TOKEN *token,
260                                         uint32_t *pacc_requested)
261 {
262         if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
263                 return;
264         }
265         *pacc_requested &= ~MAXIMUM_ALLOWED_ACCESS;
266
267         /* At least try for generic read. */
268         *pacc_requested = GENERIC_READ_ACCESS;
269
270         /* root gets anything. */
271         if (geteuid() == sec_initial_uid()) {
272                 *pacc_requested |= GENERIC_ALL_ACCESS;
273                 return;
274         }
275
276         /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
277
278         if (is_sid_in_token(token, &global_sid_Builtin_Administrators) ||
279                         is_sid_in_token(token, &global_sid_Builtin_Account_Operators)) {
280                 *pacc_requested |= GENERIC_ALL_ACCESS;
281                 return;
282         }
283
284         /* Full access for DOMAIN\Domain Admins. */
285         if ( IS_DC ) {
286                 DOM_SID domadmin_sid;
287                 sid_copy( &domadmin_sid, get_global_sam_sid() );
288                 sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
289                 if (is_sid_in_token(token, &domadmin_sid)) {
290                         *pacc_requested |= GENERIC_ALL_ACCESS;
291                         return;
292                 }
293         }
294         /* TODO ! Check privileges. */
295 }
296
297 /*******************************************************************
298  Fetch or create a dispinfo struct.
299 ********************************************************************/
300
301 static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
302 {
303         /*
304          * We do a static cache for DISP_INFO's here. Explanation can be found
305          * in Jeremy's checkin message to r11793:
306          *
307          * Fix the SAMR cache so it works across completely insane
308          * client behaviour (ie.:
309          * open pipe/open SAMR handle/enumerate 0 - 1024
310          * close SAMR handle, close pipe.
311          * open pipe/open SAMR handle/enumerate 1024 - 2048...
312          * close SAMR handle, close pipe.
313          * And on ad-nausium. Amazing.... probably object-oriented
314          * client side programming in action yet again.
315          * This change should *massively* improve performance when
316          * enumerating users from an LDAP database.
317          * Jeremy.
318          *
319          * "Our" and the builtin domain are the only ones where we ever
320          * enumerate stuff, so just cache 2 entries.
321          */
322
323         static struct disp_info builtin_dispinfo;
324         static struct disp_info domain_dispinfo;
325
326         /* There are two cases to consider here:
327            1) The SID is a domain SID and we look for an equality match, or
328            2) This is an account SID and so we return the DISP_INFO* for our
329               domain */
330
331         if (psid == NULL) {
332                 return NULL;
333         }
334
335         if (sid_check_is_builtin(psid) || sid_check_is_in_builtin(psid)) {
336                 /*
337                  * Necessary only once, but it does not really hurt.
338                  */
339                 sid_copy(&builtin_dispinfo.sid, &global_sid_Builtin);
340
341                 return &builtin_dispinfo;
342         }
343
344         if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
345                 /*
346                  * Necessary only once, but it does not really hurt.
347                  */
348                 sid_copy(&domain_dispinfo.sid, get_global_sam_sid());
349
350                 return &domain_dispinfo;
351         }
352
353         return NULL;
354 }
355
356 /*******************************************************************
357  Create a samr_info struct.
358 ********************************************************************/
359
360 static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
361 {
362         struct samr_info *info;
363         fstring sid_str;
364         TALLOC_CTX *mem_ctx;
365
366         if (psid) {
367                 sid_to_fstring(sid_str, psid);
368         } else {
369                 fstrcpy(sid_str,"(NULL)");
370         }
371
372         mem_ctx = talloc_init("samr_info for domain sid %s", sid_str);
373
374         if ((info = TALLOC_ZERO_P(mem_ctx, struct samr_info)) == NULL)
375                 return NULL;
376
377         DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_str));
378         if (psid) {
379                 sid_copy( &info->sid, psid);
380                 info->builtin_domain = sid_check_is_builtin(psid);
381         } else {
382                 DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n"));
383                 info->builtin_domain = False;
384         }
385         info->mem_ctx = mem_ctx;
386
387         info->disp_info = get_samr_dispinfo_by_sid(psid);
388
389         return info;
390 }
391
392 /*******************************************************************
393  Function to free the per SID data.
394  ********************************************************************/
395
396 static void free_samr_cache(DISP_INFO *disp_info)
397 {
398         DEBUG(10, ("free_samr_cache: deleting cache for SID %s\n",
399                    sid_string_dbg(&disp_info->sid)));
400
401         /* We need to become root here because the paged search might have to
402          * tell the LDAP server we're not interested in the rest anymore. */
403
404         become_root();
405
406         if (disp_info->users) {
407                 DEBUG(10,("free_samr_cache: deleting users cache\n"));
408                 pdb_search_destroy(disp_info->users);
409                 disp_info->users = NULL;
410         }
411         if (disp_info->machines) {
412                 DEBUG(10,("free_samr_cache: deleting machines cache\n"));
413                 pdb_search_destroy(disp_info->machines);
414                 disp_info->machines = NULL;
415         }
416         if (disp_info->groups) {
417                 DEBUG(10,("free_samr_cache: deleting groups cache\n"));
418                 pdb_search_destroy(disp_info->groups);
419                 disp_info->groups = NULL;
420         }
421         if (disp_info->aliases) {
422                 DEBUG(10,("free_samr_cache: deleting aliases cache\n"));
423                 pdb_search_destroy(disp_info->aliases);
424                 disp_info->aliases = NULL;
425         }
426         if (disp_info->enum_users) {
427                 DEBUG(10,("free_samr_cache: deleting enum_users cache\n"));
428                 pdb_search_destroy(disp_info->enum_users);
429                 disp_info->enum_users = NULL;
430         }
431         disp_info->enum_acb_mask = 0;
432
433         unbecome_root();
434 }
435
436 /*******************************************************************
437  Function to free the per handle data.
438  ********************************************************************/
439
440 static void free_samr_info(void *ptr)
441 {
442         struct samr_info *info=(struct samr_info *) ptr;
443
444         /* Only free the dispinfo cache if no one bothered to set up
445            a timeout. */
446
447         if (info->disp_info && info->disp_info->cache_timeout_event == NULL) {
448                 free_samr_cache(info->disp_info);
449         }
450
451         talloc_destroy(info->mem_ctx);
452 }
453
454 /*******************************************************************
455  Idle event handler. Throw away the disp info cache.
456  ********************************************************************/
457
458 static void disp_info_cache_idle_timeout_handler(struct event_context *ev_ctx,
459                                                  struct timed_event *te,
460                                                  const struct timeval *now,
461                                                  void *private_data)
462 {
463         DISP_INFO *disp_info = (DISP_INFO *)private_data;
464
465         TALLOC_FREE(disp_info->cache_timeout_event);
466
467         DEBUG(10, ("disp_info_cache_idle_timeout_handler: caching timed "
468                    "out\n"));
469         free_samr_cache(disp_info);
470 }
471
472 /*******************************************************************
473  Setup cache removal idle event handler.
474  ********************************************************************/
475
476 static void set_disp_info_cache_timeout(DISP_INFO *disp_info, time_t secs_fromnow)
477 {
478         /* Remove any pending timeout and update. */
479
480         TALLOC_FREE(disp_info->cache_timeout_event);
481
482         DEBUG(10,("set_disp_info_cache_timeout: caching enumeration for "
483                   "SID %s for %u seconds\n", sid_string_dbg(&disp_info->sid),
484                   (unsigned int)secs_fromnow ));
485
486         disp_info->cache_timeout_event = event_add_timed(
487                 smbd_event_context(), NULL,
488                 timeval_current_ofs(secs_fromnow, 0),
489                 "disp_info_cache_idle_timeout_handler",
490                 disp_info_cache_idle_timeout_handler, (void *)disp_info);
491 }
492
493 /*******************************************************************
494  Force flush any cache. We do this on any samr_set_xxx call.
495  We must also remove the timeout handler.
496  ********************************************************************/
497
498 static void force_flush_samr_cache(DISP_INFO *disp_info)
499 {
500         if ((disp_info == NULL) || (disp_info->cache_timeout_event == NULL)) {
501                 return;
502         }
503
504         DEBUG(10,("force_flush_samr_cache: clearing idle event\n"));
505         TALLOC_FREE(disp_info->cache_timeout_event);
506         free_samr_cache(disp_info);
507 }
508
509 /*******************************************************************
510  Ensure password info is never given out. Paranioa... JRA.
511  ********************************************************************/
512
513 static void samr_clear_sam_passwd(struct samu *sam_pass)
514 {
515
516         if (!sam_pass)
517                 return;
518
519         /* These now zero out the old password */
520
521         pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT);
522         pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
523 }
524
525 static uint32 count_sam_users(struct disp_info *info, uint32 acct_flags)
526 {
527         struct samr_displayentry *entry;
528
529         if (info->builtin_domain) {
530                 /* No users in builtin. */
531                 return 0;
532         }
533
534         if (info->users == NULL) {
535                 info->users = pdb_search_users(acct_flags);
536                 if (info->users == NULL) {
537                         return 0;
538                 }
539         }
540         /* Fetch the last possible entry, thus trigger an enumeration */
541         pdb_search_entries(info->users, 0xffffffff, 1, &entry);
542
543         /* Ensure we cache this enumeration. */
544         set_disp_info_cache_timeout(info, DISP_INFO_CACHE_TIMEOUT);
545
546         return info->users->num_entries;
547 }
548
549 static uint32 count_sam_groups(struct disp_info *info)
550 {
551         struct samr_displayentry *entry;
552
553         if (info->builtin_domain) {
554                 /* No groups in builtin. */
555                 return 0;
556         }
557
558         if (info->groups == NULL) {
559                 info->groups = pdb_search_groups();
560                 if (info->groups == NULL) {
561                         return 0;
562                 }
563         }
564         /* Fetch the last possible entry, thus trigger an enumeration */
565         pdb_search_entries(info->groups, 0xffffffff, 1, &entry);
566
567         /* Ensure we cache this enumeration. */
568         set_disp_info_cache_timeout(info, DISP_INFO_CACHE_TIMEOUT);
569
570         return info->groups->num_entries;
571 }
572
573 static uint32 count_sam_aliases(struct disp_info *info)
574 {
575         struct samr_displayentry *entry;
576
577         if (info->aliases == NULL) {
578                 info->aliases = pdb_search_aliases(&info->sid);
579                 if (info->aliases == NULL) {
580                         return 0;
581                 }
582         }
583         /* Fetch the last possible entry, thus trigger an enumeration */
584         pdb_search_entries(info->aliases, 0xffffffff, 1, &entry);
585
586         /* Ensure we cache this enumeration. */
587         set_disp_info_cache_timeout(info, DISP_INFO_CACHE_TIMEOUT);
588
589         return info->aliases->num_entries;
590 }
591
592 /*******************************************************************
593  _samr_Close
594  ********************************************************************/
595
596 NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r)
597 {
598         if (!close_policy_hnd(p, r->in.handle)) {
599                 return NT_STATUS_INVALID_HANDLE;
600         }
601
602         ZERO_STRUCTP(r->out.handle);
603
604         return NT_STATUS_OK;
605 }
606
607 /*******************************************************************
608  _samr_OpenDomain
609  ********************************************************************/
610
611 NTSTATUS _samr_OpenDomain(pipes_struct *p,
612                           struct samr_OpenDomain *r)
613 {
614         struct    samr_info *info;
615         SEC_DESC *psd = NULL;
616         uint32    acc_granted;
617         uint32    des_access = r->in.access_mask;
618         NTSTATUS  status;
619         size_t    sd_size;
620         SE_PRIV se_rights;
621
622         /* find the connection policy handle. */
623
624         if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
625                 return NT_STATUS_INVALID_HANDLE;
626
627         status = access_check_samr_function(info->acc_granted,
628                                             SAMR_ACCESS_OPEN_DOMAIN,
629                                             "_samr_OpenDomain" );
630
631         if ( !NT_STATUS_IS_OK(status) )
632                 return status;
633
634         /*check if access can be granted as requested by client. */
635         map_max_allowed_access(p->server_info->ptok, &des_access);
636
637         make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
638         se_map_generic( &des_access, &dom_generic_mapping );
639
640         se_priv_copy( &se_rights, &se_machine_account );
641         se_priv_add( &se_rights, &se_add_users );
642
643         status = access_check_samr_object( psd, p->server_info->ptok,
644                 &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
645                 &acc_granted, "_samr_OpenDomain" );
646
647         if ( !NT_STATUS_IS_OK(status) )
648                 return status;
649
650         if (!sid_check_is_domain(r->in.sid) &&
651             !sid_check_is_builtin(r->in.sid)) {
652                 return NT_STATUS_NO_SUCH_DOMAIN;
653         }
654
655         /* associate the domain SID with the (unique) handle. */
656         if ((info = get_samr_info_by_sid(r->in.sid))==NULL)
657                 return NT_STATUS_NO_MEMORY;
658         info->acc_granted = acc_granted;
659
660         /* get a (unique) handle.  open a policy on it. */
661         if (!create_policy_hnd(p, r->out.domain_handle, free_samr_info, (void *)info))
662                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
663
664         DEBUG(5,("_samr_OpenDomain: %d\n", __LINE__));
665
666         return NT_STATUS_OK;
667 }
668
669 /*******************************************************************
670  _samr_GetUserPwInfo
671  ********************************************************************/
672
673 NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
674                              struct samr_GetUserPwInfo *r)
675 {
676         struct samr_info *info = NULL;
677         enum lsa_SidType sid_type;
678         uint32_t min_password_length = 0;
679         uint32_t password_properties = 0;
680         bool ret = false;
681         NTSTATUS status;
682
683         DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
684
685         /* find the policy handle.  open a policy on it. */
686         if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info)) {
687                 return NT_STATUS_INVALID_HANDLE;
688         }
689
690         status = access_check_samr_function(info->acc_granted,
691                                             SAMR_USER_ACCESS_GET_ATTRIBUTES,
692                                             "_samr_GetUserPwInfo" );
693         if (!NT_STATUS_IS_OK(status)) {
694                 return status;
695         }
696
697         if (!sid_check_is_in_our_domain(&info->sid)) {
698                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
699         }
700
701         become_root();
702         ret = lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, &sid_type);
703         unbecome_root();
704         if (ret == false) {
705                 return NT_STATUS_NO_SUCH_USER;
706         }
707
708         switch (sid_type) {
709                 case SID_NAME_USER:
710                         become_root();
711                         pdb_get_account_policy(AP_MIN_PASSWORD_LEN,
712                                                &min_password_length);
713                         pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
714                                                &password_properties);
715                         unbecome_root();
716
717                         if (lp_check_password_script() && *lp_check_password_script()) {
718                                 password_properties |= DOMAIN_PASSWORD_COMPLEX;
719                         }
720
721                         break;
722                 default:
723                         break;
724         }
725
726         r->out.info->min_password_length = min_password_length;
727         r->out.info->password_properties = password_properties;
728
729         DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
730
731         return NT_STATUS_OK;
732 }
733
734 /*******************************************************************
735 ********************************************************************/
736
737 static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
738                                         DOM_SID *sid, uint32 *acc_granted,
739                                         DISP_INFO **ppdisp_info)
740 {
741         struct samr_info *info = NULL;
742
743         /* find the policy handle.  open a policy on it. */
744         if (!find_policy_by_hnd(p, pol, (void **)(void *)&info))
745                 return False;
746
747         if (!info)
748                 return False;
749
750         *sid = info->sid;
751         *acc_granted = info->acc_granted;
752         if (ppdisp_info) {
753                 *ppdisp_info = info->disp_info;
754         }
755
756         return True;
757 }
758
759 /*******************************************************************
760  _samr_SetSecurity
761  ********************************************************************/
762
763 NTSTATUS _samr_SetSecurity(pipes_struct *p,
764                            struct samr_SetSecurity *r)
765 {
766         DOM_SID pol_sid;
767         uint32 acc_granted, i;
768         SEC_ACL *dacl;
769         bool ret;
770         struct samu *sampass=NULL;
771         NTSTATUS status;
772
773         if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
774                 return NT_STATUS_INVALID_HANDLE;
775
776         if (!(sampass = samu_new( p->mem_ctx))) {
777                 DEBUG(0,("No memory!\n"));
778                 return NT_STATUS_NO_MEMORY;
779         }
780
781         /* get the user record */
782         become_root();
783         ret = pdb_getsampwsid(sampass, &pol_sid);
784         unbecome_root();
785
786         if (!ret) {
787                 DEBUG(4, ("User %s not found\n", sid_string_dbg(&pol_sid)));
788                 TALLOC_FREE(sampass);
789                 return NT_STATUS_INVALID_HANDLE;
790         }
791
792         dacl = r->in.sdbuf->sd->dacl;
793         for (i=0; i < dacl->num_aces; i++) {
794                 if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
795                         ret = pdb_set_pass_can_change(sampass,
796                                 (dacl->aces[i].access_mask &
797                                  SAMR_USER_ACCESS_CHANGE_PASSWORD) ?
798                                                       True: False);
799                         break;
800                 }
801         }
802
803         if (!ret) {
804                 TALLOC_FREE(sampass);
805                 return NT_STATUS_ACCESS_DENIED;
806         }
807
808         status = access_check_samr_function(acc_granted,
809                                             SAMR_USER_ACCESS_SET_ATTRIBUTES,
810                                             "_samr_SetSecurity");
811         if (NT_STATUS_IS_OK(status)) {
812                 become_root();
813                 status = pdb_update_sam_account(sampass);
814                 unbecome_root();
815         }
816
817         TALLOC_FREE(sampass);
818
819         return status;
820 }
821
822 /*******************************************************************
823   build correct perms based on policies and password times for _samr_query_sec_obj
824 *******************************************************************/
825 static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
826 {
827         struct samu *sampass=NULL;
828         bool ret;
829
830         if ( !(sampass = samu_new( mem_ctx )) ) {
831                 DEBUG(0,("No memory!\n"));
832                 return False;
833         }
834
835         become_root();
836         ret = pdb_getsampwsid(sampass, user_sid);
837         unbecome_root();
838
839         if (ret == False) {
840                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
841                 TALLOC_FREE(sampass);
842                 return False;
843         }
844
845         DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
846
847         if (pdb_get_pass_can_change(sampass)) {
848                 TALLOC_FREE(sampass);
849                 return True;
850         }
851         TALLOC_FREE(sampass);
852         return False;
853 }
854
855
856 /*******************************************************************
857  _samr_QuerySecurity
858  ********************************************************************/
859
860 NTSTATUS _samr_QuerySecurity(pipes_struct *p,
861                              struct samr_QuerySecurity *r)
862 {
863         NTSTATUS status;
864         DOM_SID pol_sid;
865         SEC_DESC * psd = NULL;
866         uint32 acc_granted;
867         size_t sd_size;
868
869         /* Get the SID. */
870         if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
871                 return NT_STATUS_INVALID_HANDLE;
872
873         DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
874                   sid_string_dbg(&pol_sid)));
875
876         status = access_check_samr_function(acc_granted,
877                                             STD_RIGHT_READ_CONTROL_ACCESS,
878                                             "_samr_QuerySecurity");
879         if (!NT_STATUS_IS_OK(status)) {
880                 return status;
881         }
882
883         /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
884
885         /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
886         if (pol_sid.sid_rev_num == 0) {
887                 DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
888                 status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
889         } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
890                 /* check if it is our domain SID */
891                 DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
892                          "with SID: %s\n", sid_string_dbg(&pol_sid)));
893                 status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
894         } else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
895                 /* check if it is the Builtin  Domain */
896                 /* TODO: Builtin probably needs a different SD with restricted write access*/
897                 DEBUG(5,("_samr_QuerySecurity: querying security on Builtin "
898                          "Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
899                 status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
900         } else if (sid_check_is_in_our_domain(&pol_sid) ||
901                  sid_check_is_in_builtin(&pol_sid)) {
902                 /* TODO: different SDs have to be generated for aliases groups and users.
903                          Currently all three get a default user SD  */
904                 DEBUG(10,("_samr_QuerySecurity: querying security on Object "
905                           "with SID: %s\n", sid_string_dbg(&pol_sid)));
906                 if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
907                         status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
908                                                           &pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
909                 } else {
910                         status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
911                                                           &pol_sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
912                 }
913         } else {
914                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
915         }
916
917         if ((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
918                 return NT_STATUS_NO_MEMORY;
919
920         return status;
921 }
922
923 /*******************************************************************
924 makes a SAM_ENTRY / UNISTR2* structure from a user list.
925 ********************************************************************/
926
927 static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx,
928                                          struct samr_SamEntry **sam_pp,
929                                          uint32_t num_entries,
930                                          uint32_t start_idx,
931                                          struct samr_displayentry *entries)
932 {
933         uint32_t i;
934         struct samr_SamEntry *sam;
935
936         *sam_pp = NULL;
937
938         if (num_entries == 0) {
939                 return NT_STATUS_OK;
940         }
941
942         sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_entries);
943         if (sam == NULL) {
944                 DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n"));
945                 return NT_STATUS_NO_MEMORY;
946         }
947
948         for (i = 0; i < num_entries; i++) {
949 #if 0
950                 /*
951                  * usrmgr expects a non-NULL terminated string with
952                  * trust relationships
953                  */
954                 if (entries[i].acct_flags & ACB_DOMTRUST) {
955                         init_unistr2(&uni_temp_name, entries[i].account_name,
956                                      UNI_FLAGS_NONE);
957                 } else {
958                         init_unistr2(&uni_temp_name, entries[i].account_name,
959                                      UNI_STR_TERMINATE);
960                 }
961 #endif
962                 init_lsa_String(&sam[i].name, entries[i].account_name);
963                 sam[i].idx = entries[i].rid;
964         }
965
966         *sam_pp = sam;
967
968         return NT_STATUS_OK;
969 }
970
971 #define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
972
973 /*******************************************************************
974  _samr_EnumDomainUsers
975  ********************************************************************/
976
977 NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
978                                struct samr_EnumDomainUsers *r)
979 {
980         NTSTATUS status;
981         struct samr_info *info = NULL;
982         int num_account;
983         uint32 enum_context = *r->in.resume_handle;
984         enum remote_arch_types ra_type = get_remote_arch();
985         int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
986         uint32 max_entries = max_sam_entries;
987         struct samr_displayentry *entries = NULL;
988         struct samr_SamArray *samr_array = NULL;
989         struct samr_SamEntry *samr_entries = NULL;
990
991         /* find the policy handle.  open a policy on it. */
992         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
993                 return NT_STATUS_INVALID_HANDLE;
994
995         status = access_check_samr_function(info->acc_granted,
996                                             SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
997                                             "_samr_EnumDomainUsers");
998         if (!NT_STATUS_IS_OK(status)) {
999                 return status;
1000         }
1001
1002         DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
1003
1004         if (info->builtin_domain) {
1005                 /* No users in builtin. */
1006                 *r->out.resume_handle = *r->in.resume_handle;
1007                 DEBUG(5,("_samr_EnumDomainUsers: No users in BUILTIN\n"));
1008                 return status;
1009         }
1010
1011         samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
1012         if (!samr_array) {
1013                 return NT_STATUS_NO_MEMORY;
1014         }
1015
1016         become_root();
1017
1018         /* AS ROOT !!!! */
1019
1020         if ((info->disp_info->enum_users != NULL) &&
1021             (info->disp_info->enum_acb_mask != r->in.acct_flags)) {
1022                 pdb_search_destroy(info->disp_info->enum_users);
1023                 info->disp_info->enum_users = NULL;
1024         }
1025
1026         if (info->disp_info->enum_users == NULL) {
1027                 info->disp_info->enum_users = pdb_search_users(r->in.acct_flags);
1028                 info->disp_info->enum_acb_mask = r->in.acct_flags;
1029         }
1030
1031         if (info->disp_info->enum_users == NULL) {
1032                 /* END AS ROOT !!!! */
1033                 unbecome_root();
1034                 return NT_STATUS_ACCESS_DENIED;
1035         }
1036
1037         num_account = pdb_search_entries(info->disp_info->enum_users,
1038                                          enum_context, max_entries,
1039                                          &entries);
1040
1041         /* END AS ROOT !!!! */
1042
1043         unbecome_root();
1044
1045         if (num_account == 0) {
1046                 DEBUG(5, ("_samr_EnumDomainUsers: enumeration handle over "
1047                           "total entries\n"));
1048                 *r->out.resume_handle = *r->in.resume_handle;
1049                 return NT_STATUS_OK;
1050         }
1051
1052         status = make_user_sam_entry_list(p->mem_ctx, &samr_entries,
1053                                           num_account, enum_context,
1054                                           entries);
1055         if (!NT_STATUS_IS_OK(status)) {
1056                 return status;
1057         }
1058
1059         if (max_entries <= num_account) {
1060                 status = STATUS_MORE_ENTRIES;
1061         } else {
1062                 status = NT_STATUS_OK;
1063         }
1064
1065         /* Ensure we cache this enumeration. */
1066         set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
1067
1068         DEBUG(5, ("_samr_EnumDomainUsers: %d\n", __LINE__));
1069
1070         samr_array->count = num_account;
1071         samr_array->entries = samr_entries;
1072
1073         *r->out.resume_handle = *r->in.resume_handle + num_account;
1074         *r->out.sam = samr_array;
1075         *r->out.num_entries = num_account;
1076
1077         DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
1078
1079         return status;
1080 }
1081
1082 /*******************************************************************
1083 makes a SAM_ENTRY / UNISTR2* structure from a group list.
1084 ********************************************************************/
1085
1086 static void make_group_sam_entry_list(TALLOC_CTX *ctx,
1087                                       struct samr_SamEntry **sam_pp,
1088                                       uint32_t num_sam_entries,
1089                                       struct samr_displayentry *entries)
1090 {
1091         struct samr_SamEntry *sam;
1092         uint32_t i;
1093
1094         *sam_pp = NULL;
1095
1096         if (num_sam_entries == 0) {
1097                 return;
1098         }
1099
1100         sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_sam_entries);
1101         if (sam == NULL) {
1102                 return;
1103         }
1104
1105         for (i = 0; i < num_sam_entries; i++) {
1106                 /*
1107                  * JRA. I think this should include the null. TNG does not.
1108                  */
1109                 init_lsa_String(&sam[i].name, entries[i].account_name);
1110                 sam[i].idx = entries[i].rid;
1111         }
1112
1113         *sam_pp = sam;
1114 }
1115
1116 /*******************************************************************
1117  _samr_EnumDomainGroups
1118  ********************************************************************/
1119
1120 NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
1121                                 struct samr_EnumDomainGroups *r)
1122 {
1123         NTSTATUS status;
1124         struct samr_info *info = NULL;
1125         struct samr_displayentry *groups;
1126         uint32 num_groups;
1127         struct samr_SamArray *samr_array = NULL;
1128         struct samr_SamEntry *samr_entries = NULL;
1129
1130         /* find the policy handle.  open a policy on it. */
1131         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
1132                 return NT_STATUS_INVALID_HANDLE;
1133
1134         status = access_check_samr_function(info->acc_granted,
1135                                             SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
1136                                             "_samr_EnumDomainGroups");
1137         if (!NT_STATUS_IS_OK(status)) {
1138                 return status;
1139         }
1140
1141         DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
1142
1143         if (info->builtin_domain) {
1144                 /* No groups in builtin. */
1145                 *r->out.resume_handle = *r->in.resume_handle;
1146                 DEBUG(5,("_samr_EnumDomainGroups: No groups in BUILTIN\n"));
1147                 return status;
1148         }
1149
1150         samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
1151         if (!samr_array) {
1152                 return NT_STATUS_NO_MEMORY;
1153         }
1154
1155         /* the domain group array is being allocated in the function below */
1156
1157         become_root();
1158
1159         if (info->disp_info->groups == NULL) {
1160                 info->disp_info->groups = pdb_search_groups();
1161
1162                 if (info->disp_info->groups == NULL) {
1163                         unbecome_root();
1164                         return NT_STATUS_ACCESS_DENIED;
1165                 }
1166         }
1167
1168         num_groups = pdb_search_entries(info->disp_info->groups,
1169                                         *r->in.resume_handle,
1170                                         MAX_SAM_ENTRIES, &groups);
1171         unbecome_root();
1172
1173         /* Ensure we cache this enumeration. */
1174         set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
1175
1176         make_group_sam_entry_list(p->mem_ctx, &samr_entries,
1177                                   num_groups, groups);
1178
1179         samr_array->count = num_groups;
1180         samr_array->entries = samr_entries;
1181
1182         *r->out.sam = samr_array;
1183         *r->out.num_entries = num_groups;
1184         /* this was missing, IMHO:
1185         *r->out.resume_handle = num_groups + *r->in.resume_handle;
1186         */
1187
1188         DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
1189
1190         return status;
1191 }
1192
1193 /*******************************************************************
1194  _samr_EnumDomainAliases
1195  ********************************************************************/
1196
1197 NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
1198                                  struct samr_EnumDomainAliases *r)
1199 {
1200         NTSTATUS status;
1201         struct samr_info *info;
1202         struct samr_displayentry *aliases;
1203         uint32 num_aliases = 0;
1204         struct samr_SamArray *samr_array = NULL;
1205         struct samr_SamEntry *samr_entries = NULL;
1206
1207         /* find the policy handle.  open a policy on it. */
1208         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
1209                 return NT_STATUS_INVALID_HANDLE;
1210
1211         DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
1212                  sid_string_dbg(&info->sid)));
1213
1214         status = access_check_samr_function(info->acc_granted,
1215                                             SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
1216                                             "_samr_EnumDomainAliases");
1217         if (!NT_STATUS_IS_OK(status)) {
1218                 return status;
1219         }
1220
1221         samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
1222         if (!samr_array) {
1223                 return NT_STATUS_NO_MEMORY;
1224         }
1225
1226         become_root();
1227
1228         if (info->disp_info->aliases == NULL) {
1229                 info->disp_info->aliases = pdb_search_aliases(&info->sid);
1230                 if (info->disp_info->aliases == NULL) {
1231                         unbecome_root();
1232                         return NT_STATUS_ACCESS_DENIED;
1233                 }
1234         }
1235
1236         num_aliases = pdb_search_entries(info->disp_info->aliases,
1237                                          *r->in.resume_handle,
1238                                          MAX_SAM_ENTRIES, &aliases);
1239         unbecome_root();
1240
1241         /* Ensure we cache this enumeration. */
1242         set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
1243
1244         make_group_sam_entry_list(p->mem_ctx, &samr_entries,
1245                                   num_aliases, aliases);
1246
1247         DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__));
1248
1249         samr_array->count = num_aliases;
1250         samr_array->entries = samr_entries;
1251
1252         *r->out.sam = samr_array;
1253         *r->out.num_entries = num_aliases;
1254         *r->out.resume_handle = num_aliases + *r->in.resume_handle;
1255
1256         return status;
1257 }
1258
1259 /*******************************************************************
1260  inits a samr_DispInfoGeneral structure.
1261 ********************************************************************/
1262
1263 static NTSTATUS init_samr_dispinfo_1(TALLOC_CTX *ctx,
1264                                      struct samr_DispInfoGeneral *r,
1265                                      uint32_t num_entries,
1266                                      uint32_t start_idx,
1267                                      struct samr_displayentry *entries)
1268 {
1269         uint32 i;
1270
1271         DEBUG(10, ("init_samr_dispinfo_1: num_entries: %d\n", num_entries));
1272
1273         if (num_entries == 0) {
1274                 return NT_STATUS_OK;
1275         }
1276
1277         r->count = num_entries;
1278
1279         r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryGeneral, num_entries);
1280         if (!r->entries) {
1281                 return NT_STATUS_NO_MEMORY;
1282         }
1283
1284         for (i = 0; i < num_entries ; i++) {
1285
1286                 init_lsa_String(&r->entries[i].account_name,
1287                                 entries[i].account_name);
1288
1289                 init_lsa_String(&r->entries[i].description,
1290                                 entries[i].description);
1291
1292                 init_lsa_String(&r->entries[i].full_name,
1293                                 entries[i].fullname);
1294
1295                 r->entries[i].rid = entries[i].rid;
1296                 r->entries[i].acct_flags = entries[i].acct_flags;
1297                 r->entries[i].idx = start_idx+i+1;
1298         }
1299
1300         return NT_STATUS_OK;
1301 }
1302
1303 /*******************************************************************
1304  inits a samr_DispInfoFull structure.
1305 ********************************************************************/
1306
1307 static NTSTATUS init_samr_dispinfo_2(TALLOC_CTX *ctx,
1308                                      struct samr_DispInfoFull *r,
1309                                      uint32_t num_entries,
1310                                      uint32_t start_idx,
1311                                      struct samr_displayentry *entries)
1312 {
1313         uint32_t i;
1314
1315         DEBUG(10, ("init_samr_dispinfo_2: num_entries: %d\n", num_entries));
1316
1317         if (num_entries == 0) {
1318                 return NT_STATUS_OK;
1319         }
1320
1321         r->count = num_entries;
1322
1323         r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFull, num_entries);
1324         if (!r->entries) {
1325                 return NT_STATUS_NO_MEMORY;
1326         }
1327
1328         for (i = 0; i < num_entries ; i++) {
1329
1330                 init_lsa_String(&r->entries[i].account_name,
1331                                 entries[i].account_name);
1332
1333                 init_lsa_String(&r->entries[i].description,
1334                                 entries[i].description);
1335
1336                 r->entries[i].rid = entries[i].rid;
1337                 r->entries[i].acct_flags = entries[i].acct_flags;
1338                 r->entries[i].idx = start_idx+i+1;
1339         }
1340
1341         return NT_STATUS_OK;
1342 }
1343
1344 /*******************************************************************
1345  inits a samr_DispInfoFullGroups structure.
1346 ********************************************************************/
1347
1348 static NTSTATUS init_samr_dispinfo_3(TALLOC_CTX *ctx,
1349                                      struct samr_DispInfoFullGroups *r,
1350                                      uint32_t num_entries,
1351                                      uint32_t start_idx,
1352                                      struct samr_displayentry *entries)
1353 {
1354         uint32_t i;
1355
1356         DEBUG(5, ("init_samr_dispinfo_3: num_entries: %d\n", num_entries));
1357
1358         if (num_entries == 0) {
1359                 return NT_STATUS_OK;
1360         }
1361
1362         r->count = num_entries;
1363
1364         r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFullGroup, num_entries);
1365         if (!r->entries) {
1366                 return NT_STATUS_NO_MEMORY;
1367         }
1368
1369         for (i = 0; i < num_entries ; i++) {
1370
1371                 init_lsa_String(&r->entries[i].account_name,
1372                                 entries[i].account_name);
1373
1374                 init_lsa_String(&r->entries[i].description,
1375                                 entries[i].description);
1376
1377                 r->entries[i].rid = entries[i].rid;
1378                 r->entries[i].acct_flags = entries[i].acct_flags;
1379                 r->entries[i].idx = start_idx+i+1;
1380         }
1381
1382         return NT_STATUS_OK;
1383 }
1384
1385 /*******************************************************************
1386  inits a samr_DispInfoAscii structure.
1387 ********************************************************************/
1388
1389 static NTSTATUS init_samr_dispinfo_4(TALLOC_CTX *ctx,
1390                                      struct samr_DispInfoAscii *r,
1391                                      uint32_t num_entries,
1392                                      uint32_t start_idx,
1393                                      struct samr_displayentry *entries)
1394 {
1395         uint32_t i;
1396
1397         DEBUG(5, ("init_samr_dispinfo_4: num_entries: %d\n", num_entries));
1398
1399         if (num_entries == 0) {
1400                 return NT_STATUS_OK;
1401         }
1402
1403         r->count = num_entries;
1404
1405         r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
1406         if (!r->entries) {
1407                 return NT_STATUS_NO_MEMORY;
1408         }
1409
1410         for (i = 0; i < num_entries ; i++) {
1411
1412                 init_lsa_AsciiStringLarge(&r->entries[i].account_name,
1413                                           entries[i].account_name);
1414
1415                 r->entries[i].idx = start_idx+i+1;
1416         }
1417
1418         return NT_STATUS_OK;
1419 }
1420
1421 /*******************************************************************
1422  inits a samr_DispInfoAscii structure.
1423 ********************************************************************/
1424
1425 static NTSTATUS init_samr_dispinfo_5(TALLOC_CTX *ctx,
1426                                      struct samr_DispInfoAscii *r,
1427                                      uint32_t num_entries,
1428                                      uint32_t start_idx,
1429                                      struct samr_displayentry *entries)
1430 {
1431         uint32_t i;
1432
1433         DEBUG(5, ("init_samr_dispinfo_5: num_entries: %d\n", num_entries));
1434
1435         if (num_entries == 0) {
1436                 return NT_STATUS_OK;
1437         }
1438
1439         r->count = num_entries;
1440
1441         r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
1442         if (!r->entries) {
1443                 return NT_STATUS_NO_MEMORY;
1444         }
1445
1446         for (i = 0; i < num_entries ; i++) {
1447
1448                 init_lsa_AsciiStringLarge(&r->entries[i].account_name,
1449                                           entries[i].account_name);
1450
1451                 r->entries[i].idx = start_idx+i+1;
1452         }
1453
1454         return NT_STATUS_OK;
1455 }
1456
1457 /*******************************************************************
1458  _samr_QueryDisplayInfo
1459  ********************************************************************/
1460
1461 NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
1462                                 struct samr_QueryDisplayInfo *r)
1463 {
1464         NTSTATUS status;
1465         struct samr_info *info = NULL;
1466         uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
1467
1468         uint32 max_entries = r->in.max_entries;
1469         uint32 enum_context = r->in.start_idx;
1470         uint32 max_size = r->in.buf_size;
1471
1472         union samr_DispInfo *disp_info = r->out.info;
1473
1474         uint32 temp_size=0, total_data_size=0;
1475         NTSTATUS disp_ret = NT_STATUS_UNSUCCESSFUL;
1476         uint32 num_account = 0;
1477         enum remote_arch_types ra_type = get_remote_arch();
1478         int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
1479         struct samr_displayentry *entries = NULL;
1480
1481         DEBUG(5,("_samr_QueryDisplayInfo: %d\n", __LINE__));
1482
1483         /* find the policy handle.  open a policy on it. */
1484         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
1485                 return NT_STATUS_INVALID_HANDLE;
1486
1487         status = access_check_samr_function(info->acc_granted,
1488                                             SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
1489                                             "_samr_QueryDisplayInfo");
1490         if (!NT_STATUS_IS_OK(status)) {
1491                 return status;
1492         }
1493
1494         /*
1495          * calculate how many entries we will return.
1496          * based on
1497          * - the number of entries the client asked
1498          * - our limit on that
1499          * - the starting point (enumeration context)
1500          * - the buffer size the client will accept
1501          */
1502
1503         /*
1504          * We are a lot more like W2K. Instead of reading the SAM
1505          * each time to find the records we need to send back,
1506          * we read it once and link that copy to the sam handle.
1507          * For large user list (over the MAX_SAM_ENTRIES)
1508          * it's a definitive win.
1509          * second point to notice: between enumerations
1510          * our sam is now the same as it's a snapshoot.
1511          * third point: got rid of the static SAM_USER_21 struct
1512          * no more intermediate.
1513          * con: it uses much more memory, as a full copy is stored
1514          * in memory.
1515          *
1516          * If you want to change it, think twice and think
1517          * of the second point , that's really important.
1518          *
1519          * JFM, 12/20/2001
1520          */
1521
1522         if ((r->in.level < 1) || (r->in.level > 5)) {
1523                 DEBUG(0,("_samr_QueryDisplayInfo: Unknown info level (%u)\n",
1524                          (unsigned int)r->in.level ));
1525                 return NT_STATUS_INVALID_INFO_CLASS;
1526         }
1527
1528         /* first limit the number of entries we will return */
1529         if(max_entries > max_sam_entries) {
1530                 DEBUG(5, ("_samr_QueryDisplayInfo: client requested %d "
1531                           "entries, limiting to %d\n", max_entries,
1532                           max_sam_entries));
1533                 max_entries = max_sam_entries;
1534         }
1535
1536         /* calculate the size and limit on the number of entries we will
1537          * return */
1538
1539         temp_size=max_entries*struct_size;
1540
1541         if (temp_size>max_size) {
1542                 max_entries=MIN((max_size/struct_size),max_entries);;
1543                 DEBUG(5, ("_samr_QueryDisplayInfo: buffer size limits to "
1544                           "only %d entries\n", max_entries));
1545         }
1546
1547         become_root();
1548
1549         /* THe following done as ROOT. Don't return without unbecome_root(). */
1550
1551         switch (r->in.level) {
1552         case 0x1:
1553         case 0x4:
1554                 if (info->disp_info->users == NULL) {
1555                         info->disp_info->users = pdb_search_users(ACB_NORMAL);
1556                         if (info->disp_info->users == NULL) {
1557                                 unbecome_root();
1558                                 return NT_STATUS_ACCESS_DENIED;
1559                         }
1560                         DEBUG(10,("_samr_QueryDisplayInfo: starting user enumeration at index %u\n",
1561                                 (unsigned  int)enum_context ));
1562                 } else {
1563                         DEBUG(10,("_samr_QueryDisplayInfo: using cached user enumeration at index %u\n",
1564                                 (unsigned  int)enum_context ));
1565                 }
1566
1567                 num_account = pdb_search_entries(info->disp_info->users,
1568                                                  enum_context, max_entries,
1569                                                  &entries);
1570                 break;
1571         case 0x2:
1572                 if (info->disp_info->machines == NULL) {
1573                         info->disp_info->machines =
1574                                 pdb_search_users(ACB_WSTRUST|ACB_SVRTRUST);
1575                         if (info->disp_info->machines == NULL) {
1576                                 unbecome_root();
1577                                 return NT_STATUS_ACCESS_DENIED;
1578                         }
1579                         DEBUG(10,("_samr_QueryDisplayInfo: starting machine enumeration at index %u\n",
1580                                 (unsigned  int)enum_context ));
1581                 } else {
1582                         DEBUG(10,("_samr_QueryDisplayInfo: using cached machine enumeration at index %u\n",
1583                                 (unsigned  int)enum_context ));
1584                 }
1585
1586                 num_account = pdb_search_entries(info->disp_info->machines,
1587                                                  enum_context, max_entries,
1588                                                  &entries);
1589                 break;
1590         case 0x3:
1591         case 0x5:
1592                 if (info->disp_info->groups == NULL) {
1593                         info->disp_info->groups = pdb_search_groups();
1594                         if (info->disp_info->groups == NULL) {
1595                                 unbecome_root();
1596                                 return NT_STATUS_ACCESS_DENIED;
1597                         }
1598                         DEBUG(10,("_samr_QueryDisplayInfo: starting group enumeration at index %u\n",
1599                                 (unsigned  int)enum_context ));
1600                 } else {
1601                         DEBUG(10,("_samr_QueryDisplayInfo: using cached group enumeration at index %u\n",
1602                                 (unsigned  int)enum_context ));
1603                 }
1604
1605                 num_account = pdb_search_entries(info->disp_info->groups,
1606                                                  enum_context, max_entries,
1607                                                  &entries);
1608                 break;
1609         default:
1610                 unbecome_root();
1611                 smb_panic("info class changed");
1612                 break;
1613         }
1614         unbecome_root();
1615
1616
1617         /* Now create reply structure */
1618         switch (r->in.level) {
1619         case 0x1:
1620                 disp_ret = init_samr_dispinfo_1(p->mem_ctx, &disp_info->info1,
1621                                                 num_account, enum_context,
1622                                                 entries);
1623                 break;
1624         case 0x2:
1625                 disp_ret = init_samr_dispinfo_2(p->mem_ctx, &disp_info->info2,
1626                                                 num_account, enum_context,
1627                                                 entries);
1628                 break;
1629         case 0x3:
1630                 disp_ret = init_samr_dispinfo_3(p->mem_ctx, &disp_info->info3,
1631                                                 num_account, enum_context,
1632                                                 entries);
1633                 break;
1634         case 0x4:
1635                 disp_ret = init_samr_dispinfo_4(p->mem_ctx, &disp_info->info4,
1636                                                 num_account, enum_context,
1637                                                 entries);
1638                 break;
1639         case 0x5:
1640                 disp_ret = init_samr_dispinfo_5(p->mem_ctx, &disp_info->info5,
1641                                                 num_account, enum_context,
1642                                                 entries);
1643                 break;
1644         default:
1645                 smb_panic("info class changed");
1646                 break;
1647         }
1648
1649         if (!NT_STATUS_IS_OK(disp_ret))
1650                 return disp_ret;
1651
1652         /* calculate the total size */
1653         total_data_size=num_account*struct_size;
1654
1655         if (max_entries <= num_account) {
1656                 status = STATUS_MORE_ENTRIES;
1657         } else {
1658                 status = NT_STATUS_OK;
1659         }
1660
1661         /* Ensure we cache this enumeration. */
1662         set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
1663
1664         DEBUG(5, ("_samr_QueryDisplayInfo: %d\n", __LINE__));
1665
1666         *r->out.total_size = total_data_size;
1667         *r->out.returned_size = temp_size;
1668
1669         return status;
1670 }
1671
1672 /****************************************************************
1673  _samr_QueryDisplayInfo2
1674 ****************************************************************/
1675
1676 NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
1677                                  struct samr_QueryDisplayInfo2 *r)
1678 {
1679         struct samr_QueryDisplayInfo q;
1680
1681         q.in.domain_handle      = r->in.domain_handle;
1682         q.in.level              = r->in.level;
1683         q.in.start_idx          = r->in.start_idx;
1684         q.in.max_entries        = r->in.max_entries;
1685         q.in.buf_size           = r->in.buf_size;
1686
1687         q.out.total_size        = r->out.total_size;
1688         q.out.returned_size     = r->out.returned_size;
1689         q.out.info              = r->out.info;
1690
1691         return _samr_QueryDisplayInfo(p, &q);
1692 }
1693
1694 /****************************************************************
1695  _samr_QueryDisplayInfo3
1696 ****************************************************************/
1697
1698 NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
1699                                  struct samr_QueryDisplayInfo3 *r)
1700 {
1701         struct samr_QueryDisplayInfo q;
1702
1703         q.in.domain_handle      = r->in.domain_handle;
1704         q.in.level              = r->in.level;
1705         q.in.start_idx          = r->in.start_idx;
1706         q.in.max_entries        = r->in.max_entries;
1707         q.in.buf_size           = r->in.buf_size;
1708
1709         q.out.total_size        = r->out.total_size;
1710         q.out.returned_size     = r->out.returned_size;
1711         q.out.info              = r->out.info;
1712
1713         return _samr_QueryDisplayInfo(p, &q);
1714 }
1715
1716 /*******************************************************************
1717  _samr_QueryAliasInfo
1718  ********************************************************************/
1719
1720 NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
1721                               struct samr_QueryAliasInfo *r)
1722 {
1723         DOM_SID   sid;
1724         struct acct_info info;
1725         uint32    acc_granted;
1726         NTSTATUS status;
1727         union samr_AliasInfo *alias_info = NULL;
1728         const char *alias_name = NULL;
1729         const char *alias_description = NULL;
1730
1731         DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
1732
1733         alias_info = TALLOC_ZERO_P(p->mem_ctx, union samr_AliasInfo);
1734         if (!alias_info) {
1735                 return NT_STATUS_NO_MEMORY;
1736         }
1737
1738         /* find the policy handle.  open a policy on it. */
1739         if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &sid, &acc_granted, NULL))
1740                 return NT_STATUS_INVALID_HANDLE;
1741
1742         status = access_check_samr_function(acc_granted,
1743                                             SAMR_ALIAS_ACCESS_LOOKUP_INFO,
1744                                             "_samr_QueryAliasInfo");
1745         if (!NT_STATUS_IS_OK(status)) {
1746                 return status;
1747         }
1748
1749         become_root();
1750         status = pdb_get_aliasinfo(&sid, &info);
1751         unbecome_root();
1752
1753         if ( !NT_STATUS_IS_OK(status))
1754                 return status;
1755
1756         /* FIXME: info contains fstrings */
1757         alias_name = talloc_strdup(r, info.acct_name);
1758         alias_description = talloc_strdup(r, info.acct_desc);
1759
1760         switch (r->in.level) {
1761         case ALIASINFOALL:
1762                 init_samr_alias_info1(&alias_info->all,
1763                                       alias_name,
1764                                       1,
1765                                       alias_description);
1766                 break;
1767         case ALIASINFODESCRIPTION:
1768                 init_samr_alias_info3(&alias_info->description,
1769                                       alias_description);
1770                 break;
1771         default:
1772                 return NT_STATUS_INVALID_INFO_CLASS;
1773         }
1774
1775         *r->out.info = alias_info;
1776
1777         DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
1778
1779         return NT_STATUS_OK;
1780 }
1781
1782 /*******************************************************************
1783  _samr_LookupNames
1784  ********************************************************************/
1785
1786 NTSTATUS _samr_LookupNames(pipes_struct *p,
1787                            struct samr_LookupNames *r)
1788 {
1789         NTSTATUS status;
1790         uint32 *rid;
1791         enum lsa_SidType *type;
1792         int i;
1793         int num_rids = r->in.num_names;
1794         DOM_SID pol_sid;
1795         uint32  acc_granted;
1796         struct samr_Ids rids, types;
1797         uint32_t num_mapped = 0;
1798
1799         DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
1800
1801         if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL)) {
1802                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
1803         }
1804
1805         status = access_check_samr_function(acc_granted,
1806                                             0, /* Don't know the acc_bits yet */
1807                                             "_samr_LookupNames");
1808         if (!NT_STATUS_IS_OK(status)) {
1809                 return status;
1810         }
1811
1812         if (num_rids > MAX_SAM_ENTRIES) {
1813                 num_rids = MAX_SAM_ENTRIES;
1814                 DEBUG(5,("_samr_LookupNames: truncating entries to %d\n", num_rids));
1815         }
1816
1817         rid = talloc_array(p->mem_ctx, uint32, num_rids);
1818         NT_STATUS_HAVE_NO_MEMORY(rid);
1819
1820         type = talloc_array(p->mem_ctx, enum lsa_SidType, num_rids);
1821         NT_STATUS_HAVE_NO_MEMORY(type);
1822
1823         DEBUG(5,("_samr_LookupNames: looking name on SID %s\n",
1824                  sid_string_dbg(&pol_sid)));
1825
1826         for (i = 0; i < num_rids; i++) {
1827
1828                 status = NT_STATUS_NONE_MAPPED;
1829                 type[i] = SID_NAME_UNKNOWN;
1830
1831                 rid[i] = 0xffffffff;
1832
1833                 if (sid_check_is_builtin(&pol_sid)) {
1834                         if (lookup_builtin_name(r->in.names[i].string,
1835                                                 &rid[i]))
1836                         {
1837                                 type[i] = SID_NAME_ALIAS;
1838                         }
1839                 } else {
1840                         lookup_global_sam_name(r->in.names[i].string, 0,
1841                                                &rid[i], &type[i]);
1842                 }
1843
1844                 if (type[i] != SID_NAME_UNKNOWN) {
1845                         num_mapped++;
1846                 }
1847         }
1848
1849         if (num_mapped == num_rids) {
1850                 status = NT_STATUS_OK;
1851         } else if (num_mapped == 0) {
1852                 status = NT_STATUS_NONE_MAPPED;
1853         } else {
1854                 status = STATUS_SOME_UNMAPPED;
1855         }
1856
1857         rids.count = num_rids;
1858         rids.ids = rid;
1859
1860         types.count = num_rids;
1861         types.ids = type;
1862
1863         *r->out.rids = rids;
1864         *r->out.types = types;
1865
1866         DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
1867
1868         return status;
1869 }
1870
1871 /*******************************************************************
1872  _samr_ChangePasswordUser2
1873  ********************************************************************/
1874
1875 NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
1876                                    struct samr_ChangePasswordUser2 *r)
1877 {
1878         NTSTATUS status;
1879         fstring user_name;
1880         fstring wks;
1881
1882         DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
1883
1884         fstrcpy(user_name, r->in.account->string);
1885         fstrcpy(wks, r->in.server->string);
1886
1887         DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks));
1888
1889         /*
1890          * Pass the user through the NT -> unix user mapping
1891          * function.
1892          */
1893
1894         (void)map_username(user_name);
1895
1896         /*
1897          * UNIX username case mangling not required, pass_oem_change
1898          * is case insensitive.
1899          */
1900
1901         status = pass_oem_change(user_name,
1902                                  r->in.lm_password->data,
1903                                  r->in.lm_verifier->hash,
1904                                  r->in.nt_password->data,
1905                                  r->in.nt_verifier->hash,
1906                                  NULL);
1907
1908         DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
1909
1910         return status;
1911 }
1912
1913 /*******************************************************************
1914  _samr_ChangePasswordUser3
1915  ********************************************************************/
1916
1917 NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
1918                                    struct samr_ChangePasswordUser3 *r)
1919 {
1920         NTSTATUS status;
1921         fstring user_name;
1922         const char *wks = NULL;
1923         uint32 reject_reason;
1924         struct samr_DomInfo1 *dominfo = NULL;
1925         struct samr_ChangeReject *reject = NULL;
1926
1927         DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
1928
1929         fstrcpy(user_name, r->in.account->string);
1930         if (r->in.server && r->in.server->string) {
1931                 wks = r->in.server->string;
1932         }
1933
1934         DEBUG(5,("_samr_ChangePasswordUser3: user: %s wks: %s\n", user_name, wks));
1935
1936         /*
1937          * Pass the user through the NT -> unix user mapping
1938          * function.
1939          */
1940
1941         (void)map_username(user_name);
1942
1943         /*
1944          * UNIX username case mangling not required, pass_oem_change
1945          * is case insensitive.
1946          */
1947
1948         status = pass_oem_change(user_name,
1949                                  r->in.lm_password->data,
1950                                  r->in.lm_verifier->hash,
1951                                  r->in.nt_password->data,
1952                                  r->in.nt_verifier->hash,
1953                                  &reject_reason);
1954
1955         if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) ||
1956             NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) {
1957
1958                 uint32 min_pass_len,pass_hist,password_properties;
1959                 time_t u_expire, u_min_age;
1960                 NTTIME nt_expire, nt_min_age;
1961                 uint32 account_policy_temp;
1962
1963                 dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1);
1964                 if (!dominfo) {
1965                         return NT_STATUS_NO_MEMORY;
1966                 }
1967
1968                 reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
1969                 if (!reject) {
1970                         return NT_STATUS_NO_MEMORY;
1971                 }
1972
1973                 become_root();
1974
1975                 /* AS ROOT !!! */
1976
1977                 pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
1978                 min_pass_len = account_policy_temp;
1979
1980                 pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
1981                 pass_hist = account_policy_temp;
1982
1983                 pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
1984                 password_properties = account_policy_temp;
1985
1986                 pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
1987                 u_expire = account_policy_temp;
1988
1989                 pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
1990                 u_min_age = account_policy_temp;
1991
1992                 /* !AS ROOT */
1993
1994                 unbecome_root();
1995
1996                 unix_to_nt_time_abs(&nt_expire, u_expire);
1997                 unix_to_nt_time_abs(&nt_min_age, u_min_age);
1998
1999                 if (lp_check_password_script() && *lp_check_password_script()) {
2000                         password_properties |= DOMAIN_PASSWORD_COMPLEX;
2001                 }
2002
2003                 init_samr_DomInfo1(dominfo,
2004                                    min_pass_len,
2005                                    pass_hist,
2006                                    password_properties,
2007                                    u_expire,
2008                                    u_min_age);
2009
2010                 reject->reason = reject_reason;
2011
2012                 *r->out.dominfo = dominfo;
2013                 *r->out.reject = reject;
2014         }
2015
2016         DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
2017
2018         return status;
2019 }
2020
2021 /*******************************************************************
2022 makes a SAMR_R_LOOKUP_RIDS structure.
2023 ********************************************************************/
2024
2025 static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
2026                                   const char **names,
2027                                   struct lsa_String **lsa_name_array_p)
2028 {
2029         struct lsa_String *lsa_name_array = NULL;
2030         uint32_t i;
2031
2032         *lsa_name_array_p = NULL;
2033
2034         if (num_names != 0) {
2035                 lsa_name_array = TALLOC_ZERO_ARRAY(ctx, struct lsa_String, num_names);
2036                 if (!lsa_name_array) {
2037                         return false;
2038                 }
2039         }
2040
2041         for (i = 0; i < num_names; i++) {
2042                 DEBUG(10, ("names[%d]:%s\n", i, names[i] && *names[i] ? names[i] : ""));
2043                 init_lsa_String(&lsa_name_array[i], names[i]);
2044         }
2045
2046         *lsa_name_array_p = lsa_name_array;
2047
2048         return true;
2049 }
2050
2051 /*******************************************************************
2052  _samr_LookupRids
2053  ********************************************************************/
2054
2055 NTSTATUS _samr_LookupRids(pipes_struct *p,
2056                           struct samr_LookupRids *r)
2057 {
2058         NTSTATUS status;
2059         const char **names;
2060         enum lsa_SidType *attrs = NULL;
2061         uint32 *wire_attrs = NULL;
2062         DOM_SID pol_sid;
2063         int num_rids = (int)r->in.num_rids;
2064         uint32 acc_granted;
2065         int i;
2066         struct lsa_Strings names_array;
2067         struct samr_Ids types_array;
2068         struct lsa_String *lsa_names = NULL;
2069
2070         DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
2071
2072         /* find the policy handle.  open a policy on it. */
2073         if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
2074                 return NT_STATUS_INVALID_HANDLE;
2075
2076         status = access_check_samr_function(acc_granted,
2077                                             SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
2078                                             "_samr_LookupRids");
2079         if (!NT_STATUS_IS_OK(status)) {
2080                 return status;
2081         }
2082
2083         if (num_rids > 1000) {
2084                 DEBUG(0, ("Got asked for %d rids (more than 1000) -- according "
2085                           "to samba4 idl this is not possible\n", num_rids));
2086                 return NT_STATUS_UNSUCCESSFUL;
2087         }
2088
2089         if (num_rids) {
2090                 names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids);
2091                 attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids);
2092                 wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids);
2093
2094                 if ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL))
2095                         return NT_STATUS_NO_MEMORY;
2096         } else {
2097                 names = NULL;
2098                 attrs = NULL;
2099                 wire_attrs = NULL;
2100         }
2101
2102         become_root();  /* lookup_sid can require root privs */
2103         status = pdb_lookup_rids(&pol_sid, num_rids, r->in.rids,
2104                                  names, attrs);
2105         unbecome_root();
2106
2107         if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) && (num_rids == 0)) {
2108                 status = NT_STATUS_OK;
2109         }
2110
2111         if (!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
2112                                    &lsa_names)) {
2113                 return NT_STATUS_NO_MEMORY;
2114         }
2115
2116         /* Convert from enum lsa_SidType to uint32 for wire format. */
2117         for (i = 0; i < num_rids; i++) {
2118                 wire_attrs[i] = (uint32)attrs[i];
2119         }
2120
2121         names_array.count = num_rids;
2122         names_array.names = lsa_names;
2123
2124         types_array.count = num_rids;
2125         types_array.ids = wire_attrs;
2126
2127         *r->out.names = names_array;
2128         *r->out.types = types_array;
2129
2130         DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
2131
2132         return status;
2133 }
2134
2135 /*******************************************************************
2136  _samr_OpenUser
2137 ********************************************************************/
2138
2139 NTSTATUS _samr_OpenUser(pipes_struct *p,
2140                         struct samr_OpenUser *r)
2141 {
2142         struct samu *sampass=NULL;
2143         DOM_SID sid;
2144         POLICY_HND domain_pol = *r->in.domain_handle;
2145         POLICY_HND *user_pol = r->out.user_handle;
2146         struct samr_info *info = NULL;
2147         SEC_DESC *psd = NULL;
2148         uint32    acc_granted;
2149         uint32    des_access = r->in.access_mask;
2150         size_t    sd_size;
2151         bool ret;
2152         NTSTATUS nt_status;
2153         SE_PRIV se_rights;
2154
2155         /* find the domain policy handle and get domain SID / access bits in the domain policy. */
2156
2157         if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
2158                 return NT_STATUS_INVALID_HANDLE;
2159
2160         nt_status = access_check_samr_function(acc_granted,
2161                                                SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
2162                                                "_samr_OpenUser" );
2163
2164         if ( !NT_STATUS_IS_OK(nt_status) )
2165                 return nt_status;
2166
2167         if ( !(sampass = samu_new( p->mem_ctx )) ) {
2168                 return NT_STATUS_NO_MEMORY;
2169         }
2170
2171         /* append the user's RID to it */
2172
2173         if (!sid_append_rid(&sid, r->in.rid))
2174                 return NT_STATUS_NO_SUCH_USER;
2175
2176         /* check if access can be granted as requested by client. */
2177
2178         map_max_allowed_access(p->server_info->ptok, &des_access);
2179
2180         make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
2181         se_map_generic(&des_access, &usr_generic_mapping);
2182
2183         se_priv_copy( &se_rights, &se_machine_account );
2184         se_priv_add( &se_rights, &se_add_users );
2185
2186         nt_status = access_check_samr_object(psd, p->server_info->ptok,
2187                 &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
2188                 &acc_granted, "_samr_OpenUser");
2189
2190         if ( !NT_STATUS_IS_OK(nt_status) )
2191                 return nt_status;
2192
2193         become_root();
2194         ret=pdb_getsampwsid(sampass, &sid);
2195         unbecome_root();
2196
2197         /* check that the SID exists in our domain. */
2198         if (ret == False) {
2199                 return NT_STATUS_NO_SUCH_USER;
2200         }
2201
2202         TALLOC_FREE(sampass);
2203
2204         /* associate the user's SID and access bits with the new handle. */
2205         if ((info = get_samr_info_by_sid(&sid)) == NULL)
2206                 return NT_STATUS_NO_MEMORY;
2207         info->acc_granted = acc_granted;
2208
2209         /* get a (unique) handle.  open a policy on it. */
2210         if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
2211                 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
2212
2213         return NT_STATUS_OK;
2214 }
2215
2216 /*************************************************************************
2217  *************************************************************************/
2218
2219 static NTSTATUS init_samr_parameters_string(TALLOC_CTX *mem_ctx,
2220                                             DATA_BLOB *blob,
2221                                             struct lsa_BinaryString **_r)
2222 {
2223         struct lsa_BinaryString *r;
2224
2225         if (!blob || !_r) {
2226                 return NT_STATUS_INVALID_PARAMETER;
2227         }
2228
2229         r = TALLOC_ZERO_P(mem_ctx, struct lsa_BinaryString);
2230         if (!r) {
2231                 return NT_STATUS_NO_MEMORY;
2232         }
2233
2234         r->array = TALLOC_ZERO_ARRAY(mem_ctx, uint16_t, blob->length/2);
2235         if (!r->array) {
2236                 return NT_STATUS_NO_MEMORY;
2237         }
2238         memcpy(r->array, blob->data, blob->length);
2239         r->size = blob->length;
2240         r->length = blob->length;
2241
2242         if (!r->array) {
2243                 return NT_STATUS_NO_MEMORY;
2244         }
2245
2246         *_r = r;
2247
2248         return NT_STATUS_OK;
2249 }
2250
2251 /*************************************************************************
2252  get_user_info_7. Safe. Only gives out account_name.
2253  *************************************************************************/
2254
2255 static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
2256                                 struct samr_UserInfo7 *r,
2257                                 DOM_SID *user_sid)
2258 {
2259         struct samu *smbpass=NULL;
2260         bool ret;
2261         const char *account_name = NULL;
2262
2263         ZERO_STRUCTP(r);
2264
2265         if ( !(smbpass = samu_new( mem_ctx )) ) {
2266                 return NT_STATUS_NO_MEMORY;
2267         }
2268
2269         become_root();
2270         ret = pdb_getsampwsid(smbpass, user_sid);
2271         unbecome_root();
2272
2273         if ( !ret ) {
2274                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
2275                 return NT_STATUS_NO_SUCH_USER;
2276         }
2277
2278         account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass));
2279         if (!account_name) {
2280                 TALLOC_FREE(smbpass);
2281                 return NT_STATUS_NO_MEMORY;
2282         }
2283         TALLOC_FREE(smbpass);
2284
2285         DEBUG(3,("User:[%s]\n", account_name));
2286
2287         init_samr_user_info7(r, account_name);
2288
2289         return NT_STATUS_OK;
2290 }
2291
2292 /*************************************************************************
2293  get_user_info_9. Only gives out primary group SID.
2294  *************************************************************************/
2295
2296 static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
2297                                 struct samr_UserInfo9 *r,
2298                                 DOM_SID *user_sid)
2299 {
2300         struct samu *smbpass=NULL;
2301         bool ret;
2302
2303         ZERO_STRUCTP(r);
2304
2305         if ( !(smbpass = samu_new( mem_ctx )) ) {
2306                 return NT_STATUS_NO_MEMORY;
2307         }
2308
2309         become_root();
2310         ret = pdb_getsampwsid(smbpass, user_sid);
2311         unbecome_root();
2312
2313         if (ret==False) {
2314                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
2315                 TALLOC_FREE(smbpass);
2316                 return NT_STATUS_NO_SUCH_USER;
2317         }
2318
2319         DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
2320
2321         init_samr_user_info9(r, pdb_get_group_rid(smbpass));
2322
2323         TALLOC_FREE(smbpass);
2324
2325         return NT_STATUS_OK;
2326 }
2327
2328 /*************************************************************************
2329  get_user_info_16. Safe. Only gives out acb bits.
2330  *************************************************************************/
2331
2332 static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
2333                                  struct samr_UserInfo16 *r,
2334                                  DOM_SID *user_sid)
2335 {
2336         struct samu *smbpass=NULL;
2337         bool ret;
2338
2339         ZERO_STRUCTP(r);
2340
2341         if ( !(smbpass = samu_new( mem_ctx )) ) {
2342                 return NT_STATUS_NO_MEMORY;
2343         }
2344
2345         become_root();
2346         ret = pdb_getsampwsid(smbpass, user_sid);
2347         unbecome_root();
2348
2349         if (ret==False) {
2350                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
2351                 TALLOC_FREE(smbpass);
2352                 return NT_STATUS_NO_SUCH_USER;
2353         }
2354
2355         DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
2356
2357         init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass));
2358
2359         TALLOC_FREE(smbpass);
2360
2361         return NT_STATUS_OK;
2362 }
2363
2364 /*************************************************************************
2365  get_user_info_18. OK - this is the killer as it gives out password info.
2366  Ensure that this is only allowed on an encrypted connection with a root
2367  user. JRA.
2368  *************************************************************************/
2369
2370 static NTSTATUS get_user_info_18(pipes_struct *p,
2371                                  TALLOC_CTX *mem_ctx,
2372                                  struct samr_UserInfo18 *r,
2373                                  DOM_SID *user_sid)
2374 {
2375         struct samu *smbpass=NULL;
2376         bool ret;
2377
2378         ZERO_STRUCTP(r);
2379
2380         if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
2381                 return NT_STATUS_ACCESS_DENIED;
2382         }
2383
2384         if (p->auth.auth_level != PIPE_AUTH_LEVEL_PRIVACY) {
2385                 return NT_STATUS_ACCESS_DENIED;
2386         }
2387
2388         /*
2389          * Do *NOT* do become_root()/unbecome_root() here ! JRA.
2390          */
2391
2392         if ( !(smbpass = samu_new( mem_ctx )) ) {
2393                 return NT_STATUS_NO_MEMORY;
2394         }
2395
2396         ret = pdb_getsampwsid(smbpass, user_sid);
2397
2398         if (ret == False) {
2399                 DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid)));
2400                 TALLOC_FREE(smbpass);
2401                 return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;
2402         }
2403
2404         DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) ));
2405
2406         if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) {
2407                 TALLOC_FREE(smbpass);
2408                 return NT_STATUS_ACCOUNT_DISABLED;
2409         }
2410
2411         init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
2412                               pdb_get_nt_passwd(smbpass));
2413
2414         TALLOC_FREE(smbpass);
2415
2416         return NT_STATUS_OK;
2417 }
2418
2419 /*************************************************************************
2420  get_user_info_20
2421  *************************************************************************/
2422
2423 static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx,
2424                                  struct samr_UserInfo20 *r,
2425                                  DOM_SID *user_sid)
2426 {
2427         struct samu *sampass=NULL;
2428         bool ret;
2429         const char *munged_dial = NULL;
2430         DATA_BLOB blob;
2431         NTSTATUS status;
2432         struct lsa_BinaryString *parameters = NULL;
2433
2434         ZERO_STRUCTP(r);
2435
2436         if ( !(sampass = samu_new( mem_ctx )) ) {
2437                 return NT_STATUS_NO_MEMORY;
2438         }
2439
2440         become_root();
2441         ret = pdb_getsampwsid(sampass, user_sid);
2442         unbecome_root();
2443
2444         if (ret == False) {
2445                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
2446                 TALLOC_FREE(sampass);
2447                 return NT_STATUS_NO_SUCH_USER;
2448         }
2449
2450         munged_dial = pdb_get_munged_dial(sampass);
2451
2452         samr_clear_sam_passwd(sampass);
2453
2454         DEBUG(3,("User:[%s] has [%s] (length: %d)\n", pdb_get_username(sampass),
2455                 munged_dial, (int)strlen(munged_dial)));
2456
2457         if (munged_dial) {
2458                 blob = base64_decode_data_blob(munged_dial);
2459         } else {
2460                 blob = data_blob_string_const_null("");
2461         }
2462
2463         status = init_samr_parameters_string(mem_ctx, &blob, &parameters);
2464         data_blob_free(&blob);
2465         TALLOC_FREE(sampass);
2466         if (!NT_STATUS_IS_OK(status)) {
2467                 return status;
2468         }
2469
2470         init_samr_user_info20(r, parameters);
2471
2472         return NT_STATUS_OK;
2473 }
2474
2475
2476 /*************************************************************************
2477  get_user_info_21
2478  *************************************************************************/
2479
2480 static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
2481                                  struct samr_UserInfo21 *r,
2482                                  DOM_SID *user_sid,
2483                                  DOM_SID *domain_sid)
2484 {
2485         NTSTATUS status;
2486         struct samu *pw = NULL;
2487         bool ret;
2488         const DOM_SID *sid_user, *sid_group;
2489         uint32_t rid, primary_gid;
2490         NTTIME last_logon, last_logoff, last_password_change,
2491                acct_expiry, allow_password_change, force_password_change;
2492         time_t must_change_time;
2493         uint8_t password_expired;
2494         const char *account_name, *full_name, *home_directory, *home_drive,
2495                    *logon_script, *profile_path, *description,
2496                    *workstations, *comment;
2497         struct samr_LogonHours logon_hours;
2498         struct lsa_BinaryString *parameters = NULL;
2499         const char *munged_dial = NULL;
2500         DATA_BLOB blob;
2501
2502         ZERO_STRUCTP(r);
2503
2504         if (!(pw = samu_new(mem_ctx))) {
2505                 return NT_STATUS_NO_MEMORY;
2506         }
2507
2508         become_root();
2509         ret = pdb_getsampwsid(pw, user_sid);
2510         unbecome_root();
2511
2512         if (ret == False) {
2513                 DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
2514                 TALLOC_FREE(pw);
2515                 return NT_STATUS_NO_SUCH_USER;
2516         }
2517
2518         samr_clear_sam_passwd(pw);
2519
2520         DEBUG(3,("User:[%s]\n", pdb_get_username(pw)));
2521
2522         sid_user = pdb_get_user_sid(pw);
2523
2524         if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
2525                 DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
2526                           "the domain sid %s.  Failing operation.\n",
2527                           pdb_get_username(pw), sid_string_dbg(sid_user),
2528                           sid_string_dbg(domain_sid)));
2529                 TALLOC_FREE(pw);
2530                 return NT_STATUS_UNSUCCESSFUL;
2531         }
2532
2533         become_root();
2534         sid_group = pdb_get_group_sid(pw);
2535         unbecome_root();
2536
2537         if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
2538                 DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
2539                           "which conflicts with the domain sid %s.  Failing operation.\n",
2540                           pdb_get_username(pw), sid_string_dbg(sid_group),
2541                           sid_string_dbg(domain_sid)));
2542                 TALLOC_FREE(pw);
2543                 return NT_STATUS_UNSUCCESSFUL;
2544         }
2545
2546         unix_to_nt_time(&last_logon, pdb_get_logon_time(pw));
2547         unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw));
2548         unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw));
2549         unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw));
2550         unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw));
2551
2552         must_change_time = pdb_get_pass_must_change_time(pw);
2553         if (must_change_time == get_time_t_max()) {
2554                 unix_to_nt_time_abs(&force_password_change, must_change_time);
2555         } else {
2556                 unix_to_nt_time(&force_password_change, must_change_time);
2557         }
2558
2559         if (pdb_get_pass_must_change_time(pw) == 0) {
2560                 password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
2561         } else {
2562                 password_expired = 0;
2563         }
2564
2565         munged_dial = pdb_get_munged_dial(pw);
2566         if (munged_dial) {
2567                 blob = base64_decode_data_blob(munged_dial);
2568         } else {
2569                 blob = data_blob_string_const_null("");
2570         }
2571
2572         status = init_samr_parameters_string(mem_ctx, &blob, &parameters);
2573         data_blob_free(&blob);
2574         if (!NT_STATUS_IS_OK(status)) {
2575                 TALLOC_FREE(pw);
2576                 return status;
2577         }
2578
2579         account_name = talloc_strdup(mem_ctx, pdb_get_username(pw));
2580         full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
2581         home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw));
2582         home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
2583         logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw));
2584         profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw));
2585         description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw));
2586         workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw));
2587         comment = talloc_strdup(mem_ctx, pdb_get_comment(pw));
2588
2589         logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
2590 #if 0
2591
2592         /*
2593           Look at a user on a real NT4 PDC with usrmgr, press
2594           'ok'. Then you will see that fields_present is set to
2595           0x08f827fa. Look at the user immediately after that again,
2596           and you will see that 0x00fffff is returned. This solves
2597           the problem that you get access denied after having looked
2598           at the user.
2599           -- Volker
2600         */
2601
2602 #endif
2603
2604         init_samr_user_info21(r,
2605                               last_logon,
2606                               last_logoff,
2607                               last_password_change,
2608                               acct_expiry,
2609                               allow_password_change,
2610                               force_password_change,
2611                               account_name,
2612                               full_name,
2613                               home_directory,
2614                               home_drive,
2615                               logon_script,
2616                               profile_path,
2617                               description,
2618                               workstations,
2619                               comment,
2620                               parameters,
2621                               rid,
2622                               primary_gid,
2623                               pdb_get_acct_ctrl(pw),
2624                               pdb_build_fields_present(pw),
2625                               logon_hours,
2626                               pdb_get_bad_password_count(pw),
2627                               pdb_get_logon_count(pw),
2628                               0, /* country_code */
2629                               0, /* code_page */
2630                               0, /* nt_password_set */
2631                               0, /* lm_password_set */
2632                               password_expired);
2633         TALLOC_FREE(pw);
2634
2635         return NT_STATUS_OK;
2636 }
2637
2638 /*******************************************************************
2639  _samr_QueryUserInfo
2640  ********************************************************************/
2641
2642 NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
2643                              struct samr_QueryUserInfo *r)
2644 {
2645         NTSTATUS status;
2646         union samr_UserInfo *user_info = NULL;
2647         struct samr_info *info = NULL;
2648         DOM_SID domain_sid;
2649         uint32 rid;
2650
2651         /* search for the handle */
2652         if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
2653                 return NT_STATUS_INVALID_HANDLE;
2654
2655         status = access_check_samr_function(info->acc_granted,
2656                                             SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
2657                                             "_samr_QueryUserInfo");
2658         if (!NT_STATUS_IS_OK(status)) {
2659                 return status;
2660         }
2661
2662         domain_sid = info->sid;
2663
2664         sid_split_rid(&domain_sid, &rid);
2665
2666         if (!sid_check_is_in_our_domain(&info->sid))
2667                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
2668
2669         DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
2670                  sid_string_dbg(&info->sid)));
2671
2672         user_info = TALLOC_ZERO_P(p->mem_ctx, union samr_UserInfo);
2673         if (!user_info) {
2674                 return NT_STATUS_NO_MEMORY;
2675         }
2676
2677         DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level));
2678
2679         switch (r->in.level) {
2680         case 7:
2681                 status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid);
2682                 if (!NT_STATUS_IS_OK(status)) {
2683                         return status;
2684                 }
2685                 break;
2686         case 9:
2687                 status = get_user_info_9(p->mem_ctx, &user_info->info9, &info->sid);
2688                 if (!NT_STATUS_IS_OK(status)) {
2689                         return status;
2690                 }
2691                 break;
2692         case 16:
2693                 status = get_user_info_16(p->mem_ctx, &user_info->info16, &info->sid);
2694                 if (!NT_STATUS_IS_OK(status)) {
2695                         return status;
2696                 }
2697                 break;
2698
2699         case 18:
2700                 status = get_user_info_18(p, p->mem_ctx, &user_info->info18, &info->sid);
2701                 if (!NT_STATUS_IS_OK(status)) {
2702                         return status;
2703                 }
2704                 break;
2705
2706         case 20:
2707                 status = get_user_info_20(p->mem_ctx, &user_info->info20, &info->sid);
2708                 if (!NT_STATUS_IS_OK(status)) {
2709                         return status;
2710                 }
2711                 break;
2712
2713         case 21:
2714                 status = get_user_info_21(p->mem_ctx, &user_info->info21,
2715                                           &info->sid, &domain_sid);
2716                 if (!NT_STATUS_IS_OK(status)) {
2717                         return status;
2718                 }
2719                 break;
2720
2721         default:
2722                 return NT_STATUS_INVALID_INFO_CLASS;
2723         }
2724
2725         *r->out.info = user_info;
2726
2727         DEBUG(5,("_samr_QueryUserInfo: %d\n", __LINE__));
2728
2729         return status;
2730 }
2731
2732 /*******************************************************************
2733  _samr_GetGroupsForUser
2734  ********************************************************************/
2735
2736 NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
2737                                 struct samr_GetGroupsForUser *r)
2738 {
2739         struct samu *sam_pass=NULL;
2740         DOM_SID  sid;
2741         DOM_SID *sids;
2742         struct samr_RidWithAttribute dom_gid;
2743         struct samr_RidWithAttribute *gids = NULL;
2744         uint32 primary_group_rid;
2745         size_t num_groups = 0;
2746         gid_t *unix_gids;
2747         size_t i, num_gids;
2748         uint32 acc_granted;
2749         bool ret;
2750         NTSTATUS result;
2751         bool success = False;
2752
2753         struct samr_RidWithAttributeArray *rids = NULL;
2754
2755         /*
2756          * from the SID in the request:
2757          * we should send back the list of DOMAIN GROUPS
2758          * the user is a member of
2759          *
2760          * and only the DOMAIN GROUPS
2761          * no ALIASES !!! neither aliases of the domain
2762          * nor aliases of the builtin SID
2763          *
2764          * JFM, 12/2/2001
2765          */
2766
2767         DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
2768
2769         rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidWithAttributeArray);
2770         if (!rids) {
2771                 return NT_STATUS_NO_MEMORY;
2772         }
2773
2774         /* find the policy handle.  open a policy on it. */
2775         if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &sid, &acc_granted, NULL))
2776                 return NT_STATUS_INVALID_HANDLE;
2777
2778         result = access_check_samr_function(acc_granted,
2779                                             SAMR_USER_ACCESS_GET_GROUPS,
2780                                             "_samr_GetGroupsForUser");
2781         if (!NT_STATUS_IS_OK(result)) {
2782                 return result;
2783         }
2784
2785         if (!sid_check_is_in_our_domain(&sid))
2786                 return NT_STATUS_OBJECT_TYPE_MISMATCH;
2787
2788         if ( !(sam_pass = samu_new( p->mem_ctx )) ) {
2789                 return NT_STATUS_NO_MEMORY;
2790         }
2791
2792         become_root();
2793         ret = pdb_getsampwsid(sam_pass, &sid);
2794         unbecome_root();
2795
2796         if (!ret) {
2797                 DEBUG(10, ("pdb_getsampwsid failed for %s\n",
2798                            sid_string_dbg(&sid)));
2799                 return NT_STATUS_NO_SUCH_USER;
2800         }
2801
2802         sids = NULL;
2803
2804         /* make both calls inside the root block */
2805         become_root();
2806         result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
2807                                             &sids, &unix_gids, &num_groups);
2808         if ( NT_STATUS_IS_OK(result) ) {
2809                 success = sid_peek_check_rid(get_global_sam_sid(),
2810                                              pdb_get_group_sid(sam_pass),
2811                                              &primary_group_rid);
2812         }
2813         unbecome_root();
2814
2815         if (!NT_STATUS_IS_OK(result)) {
2816                 DEBUG(10, ("pdb_enum_group_memberships failed for %s\n",
2817                            sid_string_dbg(&sid)));
2818                 return result;
2819         }
2820
2821         if ( !success ) {
2822                 DEBUG(5, ("Group sid %s for user %s not in our domain\n",
2823                           sid_string_dbg(pdb_get_group_sid(sam_pass)),
2824                           pdb_get_username(sam_pass)));
2825                 TALLOC_FREE(sam_pass);
2826                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
2827         }
2828
2829         gids = NULL;
2830         num_gids = 0;
2831
2832         dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
2833                               SE_GROUP_ENABLED);
2834         dom_gid.rid = primary_group_rid;
2835         ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
2836
2837         for (i=0; i<num_groups; i++) {
2838
2839                 if (!sid_peek_check_rid(get_global_sam_sid(),
2840                                         &(sids[i]), &dom_gid.rid)) {
2841                         DEBUG(10, ("Found sid %s not in our domain\n",
2842                                    sid_string_dbg(&sids[i])));
2843                         continue;
2844                 }
2845
2846                 if (dom_gid.rid == primary_group_rid) {
2847                         /* We added the primary group directly from the
2848                          * sam_account. The other SIDs are unique from
2849                          * enum_group_memberships */
2850                         continue;
2851                 }
2852
2853                 ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
2854         }
2855
2856         rids->count = num_gids;
2857         rids->rids = gids;
2858
2859         *r->out.rids = rids;
2860
2861         DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
2862
2863         return result;
2864 }
2865
2866 /*******************************************************************
2867  _samr_QueryDomainInfo
2868  ********************************************************************/
2869
2870 NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
2871                                struct samr_QueryDomainInfo *r)
2872 {
2873         NTSTATUS status = NT_STATUS_OK;
2874         struct samr_info *info = NULL;
2875         union samr_DomainInfo *dom_info;
2876         uint32 min_pass_len,pass_hist,password_properties;
2877         time_t u_expire, u_min_age;
2878         NTTIME nt_expire, nt_min_age;
2879
2880         time_t u_lock_duration, u_reset_time;
2881         NTTIME nt_lock_duration, nt_reset_time;
2882         uint32 lockout;
2883         time_t u_logout;
2884         NTTIME nt_logout;
2885
2886         uint32 account_policy_temp;
2887
2888         time_t seq_num;
2889         uint32 server_role;
2890
2891         uint32 num_users=0, num_groups=0, num_aliases=0;
2892
2893         DEBUG(5,("_samr_QueryDomainInfo: %d\n", __LINE__));
2894
2895         dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo);
2896         if (!dom_info) {
2897                 return NT_STATUS_NO_MEMORY;
2898         }
2899
2900         /* find the policy handle.  open a policy on it. */
2901         if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) {
2902                 return NT_STATUS_INVALID_HANDLE;
2903         }
2904
2905         status = access_check_samr_function(info->acc_granted,
2906                                             SAMR_ACCESS_OPEN_DOMAIN,
2907                                             "_samr_QueryDomainInfo" );
2908
2909         if ( !NT_STATUS_IS_OK(status) )
2910                 return status;
2911
2912         switch (r->in.level) {
2913                 case 0x01:
2914
2915                         become_root();
2916
2917                         /* AS ROOT !!! */
2918
2919                         pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
2920                         min_pass_len = account_policy_temp;
2921
2922                         pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
2923                         pass_hist = account_policy_temp;
2924
2925                         pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
2926                         password_properties = account_policy_temp;
2927
2928                         pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
2929                         u_expire = account_policy_temp;
2930
2931                         pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
2932                         u_min_age = account_policy_temp;
2933
2934                         /* !AS ROOT */
2935
2936                         unbecome_root();
2937
2938                         unix_to_nt_time_abs(&nt_expire, u_expire);
2939                         unix_to_nt_time_abs(&nt_min_age, u_min_age);
2940
2941                         if (lp_check_password_script() && *lp_check_password_script()) {
2942                                 password_properties |= DOMAIN_PASSWORD_COMPLEX;
2943                         }
2944
2945                         init_samr_DomInfo1(&dom_info->info1,
2946                                            (uint16)min_pass_len,
2947                                            (uint16)pass_hist,
2948                                            password_properties,
2949                                            nt_expire,
2950                                            nt_min_age);
2951                         break;
2952                 case 0x02:
2953
2954                         become_root();
2955
2956                         /* AS ROOT !!! */
2957
2958                         num_users = count_sam_users(info->disp_info, ACB_NORMAL);
2959                         num_groups = count_sam_groups(info->disp_info);
2960                         num_aliases = count_sam_aliases(info->disp_info);
2961
2962                         pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
2963                         u_logout = account_policy_temp;
2964
2965                         unix_to_nt_time_abs(&nt_logout, u_logout);
2966
2967                         if (!pdb_get_seq_num(&seq_num))
2968                                 seq_num = time(NULL);
2969
2970                         /* !AS ROOT */
2971
2972                         unbecome_root();
2973
2974                         server_role = ROLE_DOMAIN_PDC;
2975                         if (lp_server_role() == ROLE_DOMAIN_BDC)
2976                                 server_role = ROLE_DOMAIN_BDC;
2977
2978                         init_samr_DomGeneralInformation(&dom_info->general,
2979                                                         nt_logout,
2980                                                         lp_serverstring(),
2981                                                         lp_workgroup(),
2982                                                         global_myname(),
2983                                                         seq_num,
2984                                                         1,
2985                                                         server_role,
2986                                                         1,
2987                                                         num_users,
2988                                                         num_groups,
2989                                                         num_aliases);
2990                         break;
2991                 case 0x03:
2992
2993                         become_root();
2994
2995                         /* AS ROOT !!! */
2996
2997                         {
2998                                 uint32 ul;
2999                                 pdb_get_account_policy(AP_TIME_TO_LOGOUT, &ul);
3000                                 u_logout = (time_t)ul;
3001                         }
3002
3003                         /* !AS ROOT */
3004
3005                         unbecome_root();
3006
3007                         unix_to_nt_time_abs(&nt_logout, u_logout);
3008
3009                         init_samr_DomInfo3(&dom_info->info3,
3010                                            nt_logout);
3011
3012                         break;
3013                 case 0x04:
3014                         init_samr_DomOEMInformation(&dom_info->oem,
3015                                                     lp_serverstring());
3016                         break;
3017                 case 0x05:
3018                         init_samr_DomInfo5(&dom_info->info5,
3019                                            get_global_sam_name());
3020                         break;
3021                 case 0x06:
3022                         /* NT returns its own name when a PDC. win2k and later
3023                          * only the name of the PDC if itself is a BDC (samba4
3024                          * idl) */
3025                         init_samr_DomInfo6(&dom_info->info6,
3026                                            global_myname());
3027                         break;
3028                 case 0x07:
3029                         server_role = ROLE_DOMAIN_PDC;
3030                         if (lp_server_role() == ROLE_DOMAIN_BDC)
3031                                 server_role = ROLE_DOMAIN_BDC;
3032
3033                         init_samr_DomInfo7(&dom_info->info7,
3034                                            server_role);
3035                         break;
3036                 case 0x08:
3037
3038                         become_root();
3039
3040                         /* AS ROOT !!! */
3041
3042                         if (!pdb_get_seq_num(&seq_num)) {
3043                                 seq_num = time(NULL);
3044                         }
3045
3046                         /* !AS ROOT */
3047
3048                         unbecome_root();
3049
3050                         init_samr_DomInfo8(&dom_info->info8,
3051                                            seq_num,
3052                                            0);
3053                         break;
3054                 case 0x0c:
3055
3056                         become_root();
3057
3058                         /* AS ROOT !!! */
3059
3060                         pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
3061                         u_lock_duration = account_policy_temp;
3062                         if (u_lock_duration != -1) {
3063                                 u_lock_duration *= 60;
3064                         }
3065
3066                         pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
3067                         u_reset_time = account_policy_temp * 60;
3068
3069                         pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
3070                         lockout = account_policy_temp;
3071
3072                         /* !AS ROOT */
3073
3074                         unbecome_root();
3075
3076                         unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
3077                         unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
3078
3079                         init_samr_DomInfo12(&dom_info->info12,
3080                                             nt_lock_duration,
3081                                             nt_reset_time,
3082                                             (uint16)lockout);
3083                         break;
3084                 default:
3085                         return NT_STATUS_INVALID_INFO_CLASS;
3086         }
3087
3088         *r->out.info = dom_info;
3089
3090         DEBUG(5,("_samr_QueryDomainInfo: %d\n", __LINE__));
3091
3092         return status;
3093 }
3094
3095 /* W2k3 seems to use the same check for all 3 objects that can be created via
3096  * SAMR, if you try to create for example "Dialup" as an alias it says
3097  * "NT_STATUS_USER_EXISTS". This is racy, but we can't really lock the user
3098  * database. */
3099
3100 static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
3101 {
3102         enum lsa_SidType type;
3103         bool result;
3104
3105         DEBUG(10, ("Checking whether [%s] can be created\n", new_name));
3106
3107         become_root();
3108         /* Lookup in our local databases (LOOKUP_NAME_REMOTE not set)
3109          * whether the name already exists */
3110         result = lookup_name(mem_ctx, new_name, LOOKUP_NAME_LOCAL,
3111                              NULL, NULL, NULL, &type);
3112         unbecome_root();
3113
3114         if (!result) {
3115                 DEBUG(10, ("%s does not exist, can create it\n", new_name));
3116                 return NT_STATUS_OK;
3117         }
3118
3119         DEBUG(5, ("trying to create %s, exists as %s\n",
3120                   new_name, sid_type_lookup(type)));
3121
3122         if (type == SID_NAME_DOM_GRP) {
3123                 return NT_STATUS_GROUP_EXISTS;
3124         }
3125         if (type == SID_NAME_ALIAS) {
3126                 return NT_STATUS_ALIAS_EXISTS;
3127         }
3128
3129         /* Yes, the default is NT_STATUS_USER_EXISTS */
3130         return NT_STATUS_USER_EXISTS;
3131 }
3132
3133 /*******************************************************************
3134  _samr_CreateUser2
3135  ********************************************************************/
3136
3137 NTSTATUS _samr_CreateUser2(pipes_struct *p,
3138                            struct samr_CreateUser2 *r)
3139 {
3140         const char *account = NULL;
3141         DOM_SID sid;
3142         POLICY_HND dom_pol = *r->in.domain_handle;
3143         uint32_t acb_info = r->in.acct_flags;
3144         POLICY_HND *user_pol = r->out.user_handle;
3145         struct samr_info *info = NULL;
3146         NTSTATUS nt_status;
3147         uint32 acc_granted;
3148         SEC_DESC *psd;
3149         size_t    sd_size;
3150         /* check this, when giving away 'add computer to domain' privs */
3151         uint32    des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
3152         bool can_add_account = False;
3153         SE_PRIV se_rights;
3154         DISP_INFO *disp_info = NULL;
3155
3156         /* Get the domain SID stored in the domain policy */
3157         if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted,
3158                                      &disp_info))
3159                 return NT_STATUS_INVALID_HANDLE;
3160
3161         nt_status = access_check_samr_function(acc_granted,
3162                                                SAMR_DOMAIN_ACCESS_CREATE_USER,
3163                                                "_samr_CreateUser2");
3164         if (!NT_STATUS_IS_OK(nt_status)) {
3165                 return nt_status;
3166         }
3167
3168         if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST ||
3169               acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) {
3170                 /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if
3171                    this parameter is not an account type */
3172                 return NT_STATUS_INVALID_PARAMETER;
3173         }
3174
3175         account = r->in.account_name->string;
3176         if (account == NULL) {
3177                 return NT_STATUS_NO_MEMORY;
3178         }
3179
3180         nt_status = can_create(p->mem_ctx, account);
3181         if (!NT_STATUS_IS_OK(nt_status)) {
3182                 return nt_status;
3183         }
3184
3185         /* determine which user right we need to check based on the acb_info */
3186
3187         if ( acb_info & ACB_WSTRUST )
3188         {
3189                 se_priv_copy( &se_rights, &se_machine_account );
3190                 can_add_account = user_has_privileges(
3191                         p->server_info->ptok, &se_rights );
3192         }
3193         /* usrmgr.exe (and net rpc trustdom grant) creates a normal user
3194            account for domain trusts and changes the ACB flags later */
3195         else if ( acb_info & ACB_NORMAL &&
3196                   (account[strlen(account)-1] != '$') )