2000-05-09 17:28:19 +04:00
# define OLD_NTDOMAIN 1
1998-03-12 00:11:04 +03:00
/*
* Unix SMB / Netbios implementation .
* Version 1.9 .
* RPC Pipe client / server routines
* Copyright ( C ) Andrew Tridgell 1992 - 1997 ,
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1997 ,
* Copyright ( C ) Paul Ashton 1997.
2000-03-21 21:33:08 +03:00
* Copyright ( C ) Hewlett - Packard Company 1999.
1998-03-12 00:11:04 +03:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
extern int DEBUGLEVEL ;
1999-12-13 16:27:58 +03:00
extern fstring global_myworkgroup ;
1998-10-22 01:11:16 +04:00
extern pstring global_myname ;
1998-10-22 02:36:26 +04:00
extern DOM_SID global_sam_sid ;
1999-12-13 16:27:58 +03:00
extern rid_name domain_group_rids [ ] ;
extern rid_name domain_alias_rids [ ] ;
extern rid_name builtin_alias_rids [ ] ;
1998-05-14 07:32:21 +04:00
1998-03-12 00:11:04 +03:00
/*******************************************************************
This next function should be replaced with something that
dynamically returns the correct user info . . . . . JRA .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-11-14 02:03:34 +03:00
static BOOL get_sampwd_entries ( SAM_USER_INFO_21 * pw_buf , int start_idx ,
1998-03-12 00:11:04 +03:00
int * total_entries , int * num_entries ,
2000-11-14 02:03:34 +03:00
int max_num_entries , uint16 acb_mask )
1998-03-12 00:11:04 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = NULL ;
1998-05-06 21:43:44 +04:00
( * num_entries ) = 0 ;
( * total_entries ) = 0 ;
2000-11-14 02:03:34 +03:00
if ( pw_buf = = NULL )
return False ;
1998-05-06 21:43:44 +04:00
2000-11-14 02:03:34 +03:00
if ( ! pdb_setsampwent ( False ) )
{
DEBUG ( 0 , ( " get_sampwd_entries: Unable to open passdb. \n " ) ) ;
1998-05-06 21:43:44 +04:00
return False ;
}
2000-11-14 02:03:34 +03:00
while ( ( ( pwd = pdb_getsampwent ( ) ) ! = NULL ) & & ( ( * num_entries ) < max_num_entries ) )
{
1998-10-21 22:06:46 +04:00
int user_name_len ;
2000-03-21 21:33:08 +03:00
if ( start_idx > 0 ) {
1998-10-21 22:06:46 +04:00
/* skip the requested number of entries.
not very efficient , but hey . . .
*/
1999-12-13 16:27:58 +03:00
start_idx - - ;
1998-10-21 22:06:46 +04:00
continue ;
}
2000-11-14 02:03:34 +03:00
user_name_len = strlen ( pdb_get_username ( pwd ) ) + 1 ;
init_unistr2 ( & ( pw_buf [ ( * num_entries ) ] . uni_user_name ) , pdb_get_username ( pwd ) , user_name_len ) ;
1999-12-13 16:27:58 +03:00
init_uni_hdr ( & ( pw_buf [ ( * num_entries ) ] . hdr_user_name ) , user_name_len ) ;
2000-11-14 02:03:34 +03:00
pw_buf [ ( * num_entries ) ] . user_rid = pdb_get_user_rid ( pwd ) ;
1999-12-13 16:27:58 +03:00
memset ( ( char * ) pw_buf [ ( * num_entries ) ] . nt_pwd , ' \0 ' , 16 ) ;
1998-05-06 21:43:44 +04:00
/* Now check if the NT compatible password is available. */
2000-11-14 02:03:34 +03:00
if ( pdb_get_nt_passwd ( pwd ) ! = NULL )
{
memcpy ( pw_buf [ ( * num_entries ) ] . nt_pwd , pdb_get_nt_passwd ( pwd ) , 16 ) ;
1998-05-06 21:43:44 +04:00
}
2000-11-14 02:03:34 +03:00
pw_buf [ ( * num_entries ) ] . acb_info = pdb_get_acct_ctrl ( pwd ) ;
1998-05-06 21:43:44 +04:00
1998-09-25 00:02:56 +04:00
DEBUG ( 5 , ( " entry idx: %d user %s, rid 0x%x, acb %x " ,
2000-11-14 02:03:34 +03:00
( * num_entries ) , pdb_get_username ( pwd ) ,
pdb_get_user_rid ( pwd ) , pdb_get_acct_ctrl ( pwd ) ) ) ;
1998-05-06 21:43:44 +04:00
2000-11-14 02:03:34 +03:00
if ( acb_mask = = 0 | | ( pdb_get_acct_ctrl ( pwd ) & acb_mask ) )
{
1998-05-06 21:43:44 +04:00
DEBUG ( 5 , ( " acb_mask %x accepts \n " , acb_mask ) ) ;
( * num_entries ) + + ;
2000-11-14 02:03:34 +03:00
}
else
{
1998-05-06 21:43:44 +04:00
DEBUG ( 5 , ( " acb_mask %x rejects \n " , acb_mask ) ) ;
}
( * total_entries ) + + ;
}
2000-11-14 02:03:34 +03:00
pdb_endsampwent ( ) ;
1998-05-06 21:43:44 +04:00
return ( * num_entries ) > 0 ;
1998-03-12 00:11:04 +03:00
}
2000-03-21 21:33:08 +03:00
/*******************************************************************
This function uses the username map file and tries to map a UNIX
user name to an DOS name . ( Sort of the reverse of the
map_username ( ) function . ) Since more than one DOS name can map
to the UNIX name , to reverse the mapping you have to specify
which corresponding DOS name you want ; that ' s where the name_idx
parameter comes in . Returns the string requested or NULL if it
fails or can ' t complete the request for any reason . This doesn ' t
handle group names ( starting with ' @ ' ) or names starting with
' + ' or ' & ' . If they are encountered , they are skipped .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static char * unmap_unixname ( char * unix_user_name , int name_idx )
{
char * mapfile = lp_username_map ( ) ;
2000-04-16 13:42:09 +04:00
char * * lines ;
2000-03-21 21:33:08 +03:00
static pstring tok ;
2000-04-16 13:42:09 +04:00
int i ;
2000-03-21 21:33:08 +03:00
if ( ! * unix_user_name ) return NULL ;
if ( ! * mapfile ) return NULL ;
2000-12-07 22:26:04 +03:00
lines = file_lines_load ( mapfile , NULL , False ) ;
2000-04-16 13:42:09 +04:00
if ( ! lines ) {
2000-03-21 21:33:08 +03:00
DEBUG ( 0 , ( " unmap_unixname: can't open username map %s \n " , mapfile ) ) ;
return NULL ;
}
DEBUG ( 5 , ( " unmap_unixname: scanning username map %s, index: %d \n " , mapfile , name_idx ) ) ;
2000-04-16 13:42:09 +04:00
for ( i = 0 ; lines [ i ] ; i + + ) {
2000-05-12 10:38:41 +04:00
char * unixname = lines [ i ] ;
2000-03-21 21:33:08 +03:00
char * dosname = strchr ( unixname , ' = ' ) ;
if ( ! dosname )
continue ;
* dosname + + = 0 ;
while ( isspace ( * unixname ) )
unixname + + ;
if ( ' ! ' = = * unixname ) {
unixname + + ;
while ( * unixname & & isspace ( * unixname ) )
unixname + + ;
}
if ( ! * unixname | | strchr ( " #; " , * unixname ) )
continue ;
if ( strncmp ( unixname , unix_user_name , strlen ( unix_user_name ) ) )
continue ;
/* We have matched the UNIX user name */
while ( next_token ( & dosname , tok , LIST_SEP , sizeof ( tok ) ) ) {
if ( ! strchr ( " @&+ " , * tok ) ) {
name_idx - - ;
if ( name_idx < 0 ) {
break ;
}
}
}
if ( name_idx > = 0 ) {
DEBUG ( 0 , ( " unmap_unixname: index too high - not that many DOS names \n " ) ) ;
2000-04-16 13:42:09 +04:00
file_lines_free ( lines ) ;
2000-03-21 21:33:08 +03:00
return NULL ;
} else {
2000-04-16 13:42:09 +04:00
file_lines_free ( lines ) ;
2000-03-21 21:33:08 +03:00
return tok ;
}
}
DEBUG ( 0 , ( " unmap_unixname: Couldn't find the UNIX user name \n " ) ) ;
2000-04-16 13:42:09 +04:00
file_lines_free ( lines ) ;
2000-03-21 21:33:08 +03:00
return NULL ;
}
/*******************************************************************
This function sets up a list of users taken from the list of
users that UNIX knows about , as well as all the user names that
Samba maps to a valid UNIX user name . ( This should work with
/ etc / passwd or NIS . )
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL get_passwd_entries ( SAM_USER_INFO_21 * pw_buf ,
int start_idx ,
int * total_entries , int * num_entries ,
int max_num_entries ,
uint16 acb_mask )
{
static struct passwd * pwd = NULL ;
static uint32 pw_rid ;
static BOOL orig_done = False ;
static int current_idx = 0 ;
static int mapped_idx = 0 ;
2000-07-13 08:33:25 +04:00
char * sep ;
2000-03-21 21:33:08 +03:00
DEBUG ( 5 , ( " get_passwd_entries: retrieving a list of UNIX users \n " ) ) ;
( * num_entries ) = 0 ;
( * total_entries ) = 0 ;
2001-01-10 19:05:41 +03:00
/* Skip all this stuff if we're in appliance mode */
if ( lp_hide_local_users ( ) ) goto done ;
2000-03-21 21:33:08 +03:00
if ( pw_buf = = NULL ) return False ;
if ( current_idx = = 0 ) {
setpwent ( ) ;
}
/* These two cases are inefficient, but should be called very rarely */
/* they are the cases where the starting index isn't picking up */
/* where we left off last time. It is efficient when it starts over */
/* at zero though. */
if ( start_idx > current_idx ) {
/* We aren't far enough; advance to start_idx */
while ( current_idx < start_idx ) {
char * unmap_name ;
if ( ! orig_done ) {
if ( ( pwd = getpwent ( ) ) = = NULL ) break ;
current_idx + + ;
orig_done = True ;
}
while ( ( ( unmap_name = unmap_unixname ( pwd - > pw_name , mapped_idx ) ) ! = NULL ) & &
( current_idx < start_idx ) ) {
current_idx + + ;
mapped_idx + + ;
}
if ( unmap_name = = NULL ) {
orig_done = False ;
mapped_idx = 0 ;
}
}
} else if ( start_idx < current_idx ) {
/* We are already too far; start over and advance to start_idx */
endpwent ( ) ;
setpwent ( ) ;
current_idx = 0 ;
mapped_idx = 0 ;
orig_done = False ;
while ( current_idx < start_idx ) {
char * unmap_name ;
if ( ! orig_done ) {
if ( ( pwd = getpwent ( ) ) = = NULL ) break ;
current_idx + + ;
orig_done = True ;
}
while ( ( ( unmap_name = unmap_unixname ( pwd - > pw_name , mapped_idx ) ) ! = NULL ) & &
( current_idx < start_idx ) ) {
current_idx + + ;
mapped_idx + + ;
}
if ( unmap_name = = NULL ) {
orig_done = False ;
mapped_idx = 0 ;
}
}
}
2000-07-13 08:33:25 +04:00
sep = lp_winbind_separator ( ) ;
2000-03-21 21:33:08 +03:00
/* now current_idx == start_idx */
while ( ( * num_entries ) < max_num_entries ) {
int user_name_len ;
char * unmap_name ;
/* This does the original UNIX user itself */
if ( ! orig_done ) {
if ( ( pwd = getpwent ( ) ) = = NULL ) break ;
2000-07-13 08:33:25 +04:00
/* Don't enumerate winbind users as they are not local */
if ( strchr ( pwd - > pw_name , * sep ) ! = NULL ) {
continue ;
}
2000-03-21 21:33:08 +03:00
user_name_len = strlen ( pwd - > pw_name ) ;
pw_rid = pdb_uid_to_user_rid ( pwd - > pw_uid ) ;
2000-06-01 21:01:34 +04:00
ZERO_STRUCTP ( & pw_buf [ ( * num_entries ) ] ) ;
2000-03-21 21:33:08 +03:00
init_unistr2 ( & ( pw_buf [ ( * num_entries ) ] . uni_user_name ) , pwd - > pw_name , user_name_len ) ;
init_uni_hdr ( & ( pw_buf [ ( * num_entries ) ] . hdr_user_name ) , user_name_len ) ;
pw_buf [ ( * num_entries ) ] . user_rid = pw_rid ;
memset ( ( char * ) pw_buf [ ( * num_entries ) ] . nt_pwd , ' \0 ' , 16 ) ;
pw_buf [ ( * num_entries ) ] . acb_info = ACB_NORMAL ;
DEBUG ( 5 , ( " get_passwd_entries: entry idx %d user %s, rid 0x%x \n " , ( * num_entries ) , pwd - > pw_name , pw_rid ) ) ;
( * num_entries ) + + ;
( * total_entries ) + + ;
current_idx + + ;
orig_done = True ;
}
/* This does all the user names that map to the UNIX user */
while ( ( ( unmap_name = unmap_unixname ( pwd - > pw_name , mapped_idx ) ) ! = NULL ) & &
( * num_entries < max_num_entries ) ) {
user_name_len = strlen ( unmap_name ) ;
2000-06-01 21:01:34 +04:00
ZERO_STRUCTP ( & pw_buf [ ( * num_entries ) ] ) ;
2000-03-21 21:33:08 +03:00
init_unistr2 ( & ( pw_buf [ ( * num_entries ) ] . uni_user_name ) , unmap_name , user_name_len ) ;
init_uni_hdr ( & ( pw_buf [ ( * num_entries ) ] . hdr_user_name ) , user_name_len ) ;
pw_buf [ ( * num_entries ) ] . user_rid = pw_rid ;
memset ( ( char * ) pw_buf [ ( * num_entries ) ] . nt_pwd , ' \0 ' , 16 ) ;
pw_buf [ ( * num_entries ) ] . acb_info = ACB_NORMAL ;
DEBUG ( 5 , ( " get_passwd_entries: entry idx %d user %s, rid 0x%x \n " , ( * num_entries ) , pwd - > pw_name , pw_rid ) ) ;
( * num_entries ) + + ;
( * total_entries ) + + ;
current_idx + + ;
mapped_idx + + ;
}
if ( unmap_name = = NULL ) {
/* done with 'aliases', go on to next UNIX user */
orig_done = False ;
mapped_idx = 0 ;
}
}
if ( pwd = = NULL ) {
/* totally done, reset everything */
endpwent ( ) ;
current_idx = 0 ;
mapped_idx = 0 ;
}
2001-01-10 19:05:41 +03:00
done :
2000-03-21 21:33:08 +03:00
return ( * num_entries ) > 0 ;
}
1998-03-12 00:11:04 +03:00
/*******************************************************************
samr_reply_unknown_1
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_close_hnd ( SAMR_Q_CLOSE_HND * q_u ,
1998-03-12 00:11:04 +03:00
prs_struct * rdata )
{
SAMR_R_CLOSE_HND r_u ;
/* set up the SAMR unknown_1 response */
1999-12-13 16:27:58 +03:00
memset ( ( char * ) r_u . pol . data , ' \0 ' , POL_HND_SIZE ) ;
1998-03-12 00:11:04 +03:00
/* close the policy handle */
1999-12-13 16:27:58 +03:00
if ( close_lsa_policy_hnd ( & ( q_u - > pol ) ) )
1998-03-12 00:11:04 +03:00
{
r_u . status = 0 ;
}
else
{
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_INVALID ;
}
DEBUG ( 5 , ( " samr_reply_close_hnd: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_close_hnd ( " " , & r_u , rdata , 0 ) )
return False ;
1998-03-12 00:11:04 +03:00
DEBUG ( 5 , ( " samr_reply_close_hnd: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
api_samr_close_hnd
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_close_hnd ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
SAMR_Q_CLOSE_HND q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr unknown 1 */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_close_hnd ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_close_hnd ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
samr_reply_open_domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_open_domain ( SAMR_Q_OPEN_DOMAIN * q_u ,
1998-03-12 00:11:04 +03:00
prs_struct * rdata )
{
SAMR_R_OPEN_DOMAIN r_u ;
BOOL pol_open = False ;
r_u . status = 0x0 ;
/* find the connection policy handle. */
2001-01-12 02:49:51 +03:00
if ( r_u . status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
1998-03-12 00:11:04 +03:00
{
r_u . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
/* get a (unique) handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_u . status = = 0x0 & & ! ( pol_open = open_lsa_policy_hnd ( & ( r_u . domain_pol ) ) ) )
1998-03-12 00:11:04 +03:00
{
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
/* associate the domain SID with the (unique) handle. */
1999-12-13 16:27:58 +03:00
if ( r_u . status = = 0x0 & & ! set_lsa_policy_samr_sid ( & ( r_u . domain_pol ) , & ( q_u - > dom_sid . sid ) ) )
1998-03-12 00:11:04 +03:00
{
/* oh, whoops. don't know what error message to return, here */
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( r_u . status ! = 0 & & pol_open )
{
1999-12-13 16:27:58 +03:00
close_lsa_policy_hnd ( & ( r_u . domain_pol ) ) ;
1998-03-12 00:11:04 +03:00
}
DEBUG ( 5 , ( " samr_open_domain: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_open_domain ( " " , & r_u , rdata , 0 ) )
return False ;
1998-03-12 00:11:04 +03:00
DEBUG ( 5 , ( " samr_open_domain: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
api_samr_open_domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_open_domain ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
SAMR_Q_OPEN_DOMAIN q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_open_domain ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_open_domain ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
1998-10-22 01:11:16 +04:00
/*******************************************************************
samr_reply_unknown_2c
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_unknown_2c ( SAMR_Q_UNKNOWN_2C * q_u ,
1998-10-22 01:11:16 +04:00
prs_struct * rdata )
{
SAMR_R_UNKNOWN_2C r_u ;
uint32 status = 0x0 ;
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > user_pol ) ) = = - 1 ) )
1998-10-22 01:11:16 +04:00
{
status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
/* find the user's rid */
1999-12-13 16:27:58 +03:00
if ( ( status = = 0x0 ) & & ( get_lsa_policy_samr_rid ( & ( q_u - > user_pol ) ) = = 0xffffffff ) )
1998-10-22 01:11:16 +04:00
{
1999-12-13 16:27:58 +03:00
status = NT_STATUS_OBJECT_TYPE_MISMATCH ;
1998-10-22 01:11:16 +04:00
}
1999-12-13 16:27:58 +03:00
init_samr_r_unknown_2c ( & r_u , status ) ;
1998-10-22 01:11:16 +04:00
DEBUG ( 5 , ( " samr_unknown_2c: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_unknown_2c ( " " , & r_u , rdata , 0 ) )
return False ;
1998-10-22 01:11:16 +04:00
DEBUG ( 5 , ( " samr_unknown_2c: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-10-22 01:11:16 +04:00
}
/*******************************************************************
api_samr_unknown_2c
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_unknown_2c ( pipes_struct * p )
1998-10-22 01:11:16 +04:00
{
SAMR_Q_UNKNOWN_2C q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_unknown_2c ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_unknown_2c ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-10-22 01:11:16 +04:00
}
1998-03-12 00:11:04 +03:00
/*******************************************************************
samr_reply_unknown_3
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_unknown_3 ( SAMR_Q_UNKNOWN_3 * q_u ,
1998-03-12 00:11:04 +03:00
prs_struct * rdata )
{
SAMR_R_UNKNOWN_3 r_u ;
DOM_SID3 sid [ MAX_SAM_SIDS ] ;
uint32 rid ;
uint32 status ;
status = 0x0 ;
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > user_pol ) ) = = - 1 ) )
1998-03-12 00:11:04 +03:00
{
status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
/* find the user's rid */
1999-12-13 16:27:58 +03:00
if ( status = = 0x0 & & ( rid = get_lsa_policy_samr_rid ( & ( q_u - > user_pol ) ) ) = = 0xffffffff )
1998-03-12 00:11:04 +03:00
{
1999-12-13 16:27:58 +03:00
status = NT_STATUS_OBJECT_TYPE_MISMATCH ;
1998-03-12 00:11:04 +03:00
}
if ( status = = 0x0 )
{
1999-12-13 16:27:58 +03:00
DOM_SID user_sid ;
DOM_SID everyone_sid ;
1998-05-15 01:10:49 +04:00
1999-12-13 16:27:58 +03:00
user_sid = global_sam_sid ;
1998-08-22 06:54:21 +04:00
1999-12-13 16:27:58 +03:00
SMB_ASSERT_ARRAY ( user_sid . sub_auths , user_sid . num_auths + 1 ) ;
1998-08-22 06:54:21 +04:00
1998-10-22 01:11:16 +04:00
/*
* Add the user RID .
*/
1999-12-13 16:27:58 +03:00
user_sid . sub_auths [ user_sid . num_auths + + ] = rid ;
1998-10-22 01:11:16 +04:00
1999-12-13 16:27:58 +03:00
string_to_sid ( & everyone_sid , " S-1-1 " ) ;
/* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
/* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
init_dom_sid3 ( & ( sid [ 0 ] ) , 0x035b , 0x0002 , & everyone_sid ) ;
init_dom_sid3 ( & ( sid [ 1 ] ) , 0x0044 , 0x0002 , & user_sid ) ;
1998-03-12 00:11:04 +03:00
}
1999-12-13 16:27:58 +03:00
init_samr_r_unknown_3 ( & r_u ,
1998-03-12 00:11:04 +03:00
0x0001 , 0x8004 ,
0x00000014 , 0x0002 , 0x0070 ,
2 , sid , status ) ;
DEBUG ( 5 , ( " samr_unknown_3: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_unknown_3 ( " " , & r_u , rdata , 0 ) )
return False ;
1998-03-12 00:11:04 +03:00
DEBUG ( 5 , ( " samr_unknown_3: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
api_samr_unknown_3
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_unknown_3 ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
SAMR_Q_UNKNOWN_3 q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_unknown_3 ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_unknown_3 ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
samr_reply_enum_dom_users
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_enum_dom_users ( SAMR_Q_ENUM_DOM_USERS * q_u ,
1998-03-12 00:11:04 +03:00
prs_struct * rdata )
{
SAMR_R_ENUM_DOM_USERS r_e ;
SAM_USER_INFO_21 pass [ MAX_SAM_ENTRIES ] ;
int num_entries ;
int total_entries ;
2000-08-18 09:57:09 +04:00
ZERO_STRUCT ( r_e ) ;
1998-03-12 00:11:04 +03:00
r_e . status = 0x0 ;
1999-12-13 16:27:58 +03:00
r_e . total_num_entries = 0 ;
1998-03-12 00:11:04 +03:00
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_e . status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
1998-03-12 00:11:04 +03:00
{
r_e . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
DEBUG ( 5 , ( " samr_reply_enum_dom_users: %d \n " , __LINE__ ) ) ;
2000-06-23 09:53:18 +04:00
become_root ( ) ;
1999-12-13 16:27:58 +03:00
get_sampwd_entries ( pass , 0 , & total_entries , & num_entries , MAX_SAM_ENTRIES , q_u - > acb_mask ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
init_samr_r_enum_dom_users ( & r_e , total_entries ,
q_u - > unknown_0 , num_entries ,
1998-03-12 00:11:04 +03:00
pass , r_e . status ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_enum_dom_users ( " " , & r_e , rdata , 0 ) )
return False ;
1998-03-12 00:11:04 +03:00
DEBUG ( 5 , ( " samr_enum_dom_users: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
api_samr_enum_dom_users
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_enum_dom_users ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
SAMR_Q_ENUM_DOM_USERS q_e ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_enum_dom_users ( " " , & q_e , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_enum_dom_users ( & q_e , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_enum_dom_groups
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_enum_dom_groups ( SAMR_Q_ENUM_DOM_GROUPS * q_u ,
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
SAMR_R_ENUM_DOM_GROUPS r_e ;
SAM_USER_INFO_21 pass [ MAX_SAM_ENTRIES ] ;
int num_entries ;
BOOL got_grps ;
char * dummy_group = " Domain Admins " ;
2000-08-18 09:57:09 +04:00
ZERO_STRUCT ( r_e ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
r_e . status = 0x0 ;
1999-12-13 16:27:58 +03:00
r_e . num_entries = 0 ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_e . status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
r_e . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_enum_dom_groups: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
got_grps = True ;
num_entries = 1 ;
2000-06-01 21:01:34 +04:00
ZERO_STRUCTP ( & pass [ 0 ] ) ;
2000-10-13 18:02:01 +04:00
init_unistr2 ( & ( pass [ 0 ] . uni_user_name ) , dummy_group , strlen ( dummy_group ) + 1 ) ;
1999-12-13 16:27:58 +03:00
pass [ 0 ] . user_rid = DOMAIN_GROUP_RID_ADMINS ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
if ( r_e . status = = 0 & & got_grps )
{
init_samr_r_enum_dom_groups ( & r_e , q_u - > start_idx , num_entries , pass , r_e . status ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_enum_dom_groups ( " " , & r_e , rdata , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_enum_dom_groups: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_enum_dom_groups
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_enum_dom_groups ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_ENUM_DOM_GROUPS q_e ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_enum_dom_groups ( " " , & q_e , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_enum_dom_groups ( & q_e , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_enum_dom_aliases
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_enum_dom_aliases ( SAMR_Q_ENUM_DOM_ALIASES * q_u ,
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
SAMR_R_ENUM_DOM_ALIASES r_e ;
SAM_USER_INFO_21 pass [ MAX_SAM_ENTRIES ] ;
int num_entries = 0 ;
DOM_SID sid ;
fstring sid_str ;
fstring sam_sid_str ;
2000-03-21 21:33:08 +03:00
struct group * grp ;
2000-08-16 07:38:52 +04:00
2000-08-16 01:09:54 +04:00
ZERO_STRUCT ( r_e ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_e . status = = 0x0 & & ! get_lsa_policy_samr_sid ( & q_u - > pol , & sid ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
r_e . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
1999-12-13 16:27:58 +03:00
sid_to_string ( sid_str , & sid ) ;
sid_to_string ( sam_sid_str , & global_sam_sid ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_enum_dom_aliases: sid %s \n " , sid_str ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
/* well-known aliases */
if ( strequal ( sid_str , " S-1-5-32 " ) )
{
char * name ;
2001-01-10 19:05:41 +03:00
while ( ! lp_hide_local_users ( ) & &
num_entries < MAX_SAM_ENTRIES & &
( ( name = builtin_alias_rids [ num_entries ] . name ) ! = NULL ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
2000-10-13 18:02:01 +04:00
init_unistr2 ( & ( pass [ num_entries ] . uni_user_name ) , name , strlen ( name ) + 1 ) ;
1999-12-13 16:27:58 +03:00
pass [ num_entries ] . user_rid = builtin_alias_rids [ num_entries ] . rid ;
num_entries + + ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
}
2001-01-10 19:05:41 +03:00
else if ( strequal ( sid_str , sam_sid_str ) & & ! lp_hide_local_users ( ) )
1999-12-13 16:27:58 +03:00
{
2000-03-21 21:33:08 +03:00
char * name ;
2000-07-13 08:33:25 +04:00
char * sep ;
sep = lp_winbind_separator ( ) ;
1999-12-13 16:27:58 +03:00
/* local aliases */
2000-03-21 21:33:08 +03:00
/* we return the UNIX groups here. This seems to be the right */
/* thing to do, since NT member servers return their local */
/* groups in the same situation. */
setgrent ( ) ;
while ( num_entries < MAX_SAM_ENTRIES & & ( ( grp = getgrent ( ) ) ! = NULL ) )
{
name = grp - > gr_name ;
2000-07-13 08:33:25 +04:00
/* Don't return winbind groups as they are not local! */
if ( strchr ( name , * sep ) ! = NULL ) {
continue ;
}
2000-10-13 18:02:01 +04:00
init_unistr2 ( & ( pass [ num_entries ] . uni_user_name ) , name , strlen ( name ) + 1 ) ;
2000-03-21 21:33:08 +03:00
pass [ num_entries ] . user_rid = pdb_gid_to_group_rid ( grp - > gr_gid ) ;
num_entries + + ;
}
endgrent ( ) ;
1999-12-13 16:27:58 +03:00
}
init_samr_r_enum_dom_aliases ( & r_e , num_entries , pass , r_e . status ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_enum_dom_aliases ( " " , & r_e , rdata , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_enum_dom_aliases: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_enum_dom_aliases
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:47:52 +04:00
static BOOL api_samr_enum_dom_aliases ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_ENUM_DOM_ALIASES q_e ;
2000-06-16 12:47:52 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
2000-08-16 07:38:52 +04:00
ZERO_STRUCT ( q_e ) ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_enum_dom_aliases ( " " , & q_e , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_enum_dom_aliases ( & q_e , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_query_dispinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-01 21:01:34 +04:00
static BOOL samr_reply_query_dispinfo ( SAMR_Q_QUERY_DISPINFO * q_u , prs_struct * rdata )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_R_QUERY_DISPINFO r_e ;
SAM_INFO_CTR ctr ;
SAM_INFO_1 info1 ;
SAM_INFO_2 info2 ;
SAM_USER_INFO_21 pass [ MAX_SAM_ENTRIES ] ;
int num_entries = 0 ;
int total_entries = 0 ;
BOOL got_pwds ;
uint16 switch_level = 0x0 ;
ZERO_STRUCT ( r_e ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_query_dispinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_e . status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
r_e . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_query_dispinfo: invalid handle \n " ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
if ( r_e . status = = 0x0 )
{
2000-05-16 23:45:26 +04:00
/* decide how many entries to get depending on the max_entries
and max_size passed by client */
uint32 retsize ;
if ( q_u - > max_entries > MAX_SAM_ENTRIES )
q_u - > max_entries = MAX_SAM_ENTRIES ;
retsize = ( q_u - > max_entries * ( sizeof ( SAM_ENTRY1 ) + sizeof ( SAM_STR1 ) ) )
+ 3 * sizeof ( uint32 ) ;
if ( retsize > q_u - > max_size )
{
/* determine max_entries based on max_size */
q_u - > max_entries = ( q_u - > max_size - 3 * sizeof ( uint32 ) ) /
( sizeof ( SAM_ENTRY1 ) + sizeof ( SAM_STR1 ) ) ;
q_u - > max_entries = ( q_u - > max_entries > 0 ? q_u - > max_entries : 1 ) ;
}
DEBUG ( 10 , ( " samr_reply_query_dispinfo: Setting q_u->max_entries to %u \n " , q_u - > max_entries ) ) ;
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-05-16 23:45:26 +04:00
got_pwds = get_passwd_entries ( pass , q_u - > start_idx , & total_entries , & num_entries , q_u - > max_entries , 0 ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
/* more left - set resume handle */
if ( total_entries > num_entries )
{
r_e . status = 0x105 ;
}
1999-12-13 16:27:58 +03:00
switch ( q_u - > switch_level )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
case 0x1 :
{
/* query disp info is for users */
2000-08-16 07:38:52 +04:00
ZERO_STRUCT ( info1 ) ;
1999-12-13 16:27:58 +03:00
switch_level = 0x1 ;
init_sam_info_1 ( & info1 , ACB_NORMAL ,
q_u - > start_idx , num_entries , pass ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
ctr . sam . info1 = & info1 ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
break ;
}
case 0x2 :
{
/* query disp info is for servers */
2000-08-16 07:38:52 +04:00
ZERO_STRUCT ( info2 ) ;
1999-12-13 16:27:58 +03:00
switch_level = 0x2 ;
init_sam_info_2 ( & info2 , ACB_WSTRUST ,
q_u - > start_idx , num_entries , pass ) ;
ctr . sam . info2 = & info2 ;
break ;
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
}
2000-05-16 23:45:26 +04:00
/* more left - set resume handle */
if ( total_entries > num_entries )
{
r_e . status = 0x105 ;
}
if ( r_e . status = = 0 | | r_e . status = = 0x105 )
1999-12-13 16:27:58 +03:00
{
2000-05-16 23:45:26 +04:00
init_samr_r_query_dispinfo ( & r_e , switch_level , & ctr , r_e . status ) ;
1999-12-13 16:27:58 +03:00
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_query_dispinfo ( " " , & r_e , rdata , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_query_dispinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_query_dispinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_query_dispinfo ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_QUERY_DISPINFO q_e ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_query_dispinfo ( " " , & q_e , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_query_dispinfo ( & q_e , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_query_aliasinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_query_aliasinfo ( SAMR_Q_QUERY_ALIASINFO * q_u ,
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
prs_struct * rdata )
{
2000-05-16 23:45:26 +04:00
SAMR_R_QUERY_ALIASINFO r_e ;
fstring alias_desc = " Local Unix group " ;
fstring alias = " " ;
2000-10-04 05:03:23 +04:00
enum SID_NAME_USE type ;
2000-05-16 23:45:26 +04:00
uint32 alias_rid ;
1999-12-13 16:27:58 +03:00
2000-05-16 23:45:26 +04:00
ZERO_STRUCT ( r_e ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
DEBUG ( 5 , ( " samr_reply_query_aliasinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
/* find the policy handle. open a policy on it. */
if ( r_e . status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
{
r_e . status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
1999-12-13 16:27:58 +03:00
2000-05-16 23:45:26 +04:00
alias_rid = get_lsa_policy_samr_rid ( & q_u - > pol ) ;
if ( alias_rid = = 0xffffffff )
r_e . status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS ;
1999-12-13 16:27:58 +03:00
2000-08-02 06:11:55 +04:00
if ( ! local_lookup_rid ( alias_rid , alias , & type ) )
2000-05-16 23:45:26 +04:00
{
r_e . status = 0xC0000000 | NT_STATUS_NO_SUCH_ALIAS ;
}
init_samr_r_query_aliasinfo ( & r_e , q_u - > switch_level , alias , alias_desc ) ;
/* store the response in the SMB stream */
if ( ! samr_io_r_query_aliasinfo ( " " , & r_e , rdata , 0 ) )
return False ;
DEBUG ( 5 , ( " samr_query_aliasinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_query_aliasinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_query_aliasinfo ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_QUERY_ALIASINFO q_e ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_query_aliasinfo ( " " , & q_e , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_query_aliasinfo ( & q_e , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
1999-11-16 02:46:27 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_lookup_ids
1999-11-16 02:46:27 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_lookup_ids ( SAMR_Q_LOOKUP_IDS * q_u ,
1999-11-16 02:46:27 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
uint32 rid [ MAX_SAM_ENTRIES ] ;
uint32 status = 0 ;
int num_rids = q_u - > num_sids1 ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
SAMR_R_LOOKUP_IDS r_u ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_lookup_ids: %d \n " , __LINE__ ) ) ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
if ( num_rids > MAX_SAM_ENTRIES )
1999-11-16 02:46:27 +03:00
{
1999-12-13 16:27:58 +03:00
num_rids = MAX_SAM_ENTRIES ;
DEBUG ( 5 , ( " samr_lookup_ids: truncating entries to %d \n " , num_rids ) ) ;
1999-11-16 02:46:27 +03:00
}
1999-12-13 16:27:58 +03:00
#if 0
int i ;
SMB_ASSERT_ARRAY ( q_u - > uni_user_name , num_rids ) ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
for ( i = 0 ; i < num_rids & & status = = 0 ; i + + )
1999-11-16 02:46:27 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
1999-12-13 16:27:58 +03:00
fstring user_name ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
fstrcpy ( user_name , unistrn2 ( q_u - > uni_user_name [ i ] . buffer ,
q_u - > uni_user_name [ i ] . uni_str_len ) ) ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
/* find the user account */
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwnam ( user_name ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
if ( sam_pass = = NULL )
{
status = 0xC0000000 | NT_STATUS_NO_SUCH_USER ;
rid [ i ] = 0 ;
}
else
{
2000-11-14 02:03:34 +03:00
rid [ i ] = pdb_get_user_rid ( sam_pass ) ;
1999-12-13 16:27:58 +03:00
}
1999-11-16 02:46:27 +03:00
}
1999-12-13 16:27:58 +03:00
# endif
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
num_rids = 1 ;
rid [ 0 ] = BUILTIN_ALIAS_RID_USERS ;
init_samr_r_lookup_ids ( & r_u , num_rids , rid , status ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_lookup_ids ( " " , & r_u , rdata , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_lookup_ids: %d \n " , __LINE__ ) ) ;
1999-11-16 02:46:27 +03:00
2000-05-16 23:45:26 +04:00
return True ;
1999-11-16 02:46:27 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_lookup_ids
1999-11-16 02:46:27 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_lookup_ids ( pipes_struct * p )
1999-11-16 02:46:27 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_LOOKUP_IDS q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
/* grab the samr 0x10 */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_lookup_ids ( " " , & q_u , data , 0 ) )
return False ;
1999-11-16 02:46:27 +03:00
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_lookup_ids ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1999-11-16 02:46:27 +03:00
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_lookup_names
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 16:27:58 +03:00
static BOOL samr_reply_lookup_names ( SAMR_Q_LOOKUP_NAMES * q_u ,
2000-05-16 23:45:26 +04:00
prs_struct * rdata )
1998-03-12 00:11:04 +03:00
{
2000-05-16 23:45:26 +04:00
uint32 rid [ MAX_SAM_ENTRIES ] ;
2000-10-04 05:03:23 +04:00
enum SID_NAME_USE type [ MAX_SAM_ENTRIES ] ;
2000-05-16 23:45:26 +04:00
uint32 status = 0 ;
int i ;
int num_rids = q_u - > num_names1 ;
DOM_SID pol_sid ;
SAMR_R_LOOKUP_NAMES r_u ;
DEBUG ( 5 , ( " samr_lookup_names: %d \n " , __LINE__ ) ) ;
ZERO_ARRAY ( rid ) ;
ZERO_ARRAY ( type ) ;
if ( ! get_lsa_policy_samr_sid ( & q_u - > pol , & pol_sid ) ) {
status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH ;
init_samr_r_lookup_names ( & r_u , 0 , rid , type , status ) ;
if ( ! samr_io_r_lookup_names ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " samr_reply_lookup_names: failed to marshall SAMR_R_LOOKUP_NAMES. \n " ) ) ;
return False ;
1999-12-13 16:27:58 +03:00
}
2000-05-16 23:45:26 +04:00
return True ;
}
1998-11-29 23:03:33 +03:00
2000-05-16 23:45:26 +04:00
if ( num_rids > MAX_SAM_ENTRIES ) {
num_rids = MAX_SAM_ENTRIES ;
DEBUG ( 5 , ( " samr_lookup_names: truncating entries to %d \n " , num_rids ) ) ;
}
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
SMB_ASSERT_ARRAY ( q_u - > uni_name , num_rids ) ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
for ( i = 0 ; i < num_rids ; i + + ) {
fstring name ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
status = 0xC0000000 | NT_STATUS_NONE_MAPPED ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
rid [ i ] = 0xffffffff ;
type [ i ] = SID_NAME_UNKNOWN ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
fstrcpy ( name , dos_unistrn2 ( q_u - > uni_name [ i ] . buffer ,
q_u - > uni_name [ i ] . uni_str_len ) ) ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
if ( sid_equal ( & pol_sid , & global_sam_sid ) )
{
DOM_SID sid ;
2000-08-02 06:11:55 +04:00
if ( local_lookup_name ( global_myname , name ,
2000-05-16 23:45:26 +04:00
& sid , & type [ i ] ) )
{
sid_split_rid ( & sid , & rid [ i ] ) ;
status = 0 ;
1998-03-12 00:11:04 +03:00
}
2000-05-16 23:45:26 +04:00
}
}
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
init_samr_r_lookup_names ( & r_u , num_rids , rid , type , status ) ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
/* store the response in the SMB stream */
if ( ! samr_io_r_lookup_names ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " samr_reply_lookup_names: failed to marshall SAMR_R_LOOKUP_NAMES. \n " ) ) ;
return False ;
}
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
DEBUG ( 5 , ( " samr_lookup_names: %d \n " , __LINE__ ) ) ;
1998-03-12 00:11:04 +03:00
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_lookup_names
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_lookup_names ( pipes_struct * p )
1998-10-22 01:11:16 +04:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_LOOKUP_NAMES q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1998-10-22 01:11:16 +04:00
1999-12-13 16:27:58 +03:00
memset ( & q_u , ' \0 ' , sizeof ( q_u ) ) ;
1998-10-22 01:11:16 +04:00
1999-12-13 16:27:58 +03:00
/* grab the samr lookup names */
if ( ! samr_io_q_lookup_names ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_lookup_names: failed to unmarshall SAMR_Q_LOOKUP_NAMES. \n " ) ) ;
1998-10-22 01:11:16 +04:00
return False ;
}
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
if ( ! samr_reply_lookup_names ( & q_u , rdata ) )
1998-03-12 00:11:04 +03:00
return False ;
return True ;
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_chgpasswd_user
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 16:27:58 +03:00
static BOOL samr_reply_chgpasswd_user ( SAMR_Q_CHGPASSWD_USER * q_u ,
1998-03-12 00:11:04 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
SAMR_R_CHGPASSWD_USER r_u ;
1998-03-12 00:11:04 +03:00
uint32 status = 0x0 ;
1999-12-13 16:27:58 +03:00
fstring user_name ;
fstring wks ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
fstrcpy ( user_name , dos_unistrn2 ( q_u - > uni_user_name . buffer , q_u - > uni_user_name . uni_str_len ) ) ;
fstrcpy ( wks , dos_unistrn2 ( q_u - > uni_dest_host . buffer , q_u - > uni_dest_host . uni_str_len ) ) ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_chgpasswd_user: user: %s wks: %s \n " , user_name , wks ) ) ;
1998-09-25 00:02:56 +04:00
1999-12-13 16:27:58 +03:00
if ( ! pass_oem_change ( user_name ,
q_u - > lm_newpass . pass , q_u - > lm_oldhash . hash ,
q_u - > nt_newpass . pass , q_u - > nt_oldhash . hash ) )
1998-03-12 00:11:04 +03:00
{
1999-12-13 16:27:58 +03:00
status = 0xC0000000 | NT_STATUS_WRONG_PASSWORD ;
1998-03-12 00:11:04 +03:00
}
1999-12-13 16:27:58 +03:00
init_samr_r_chgpasswd_user ( & r_u , status ) ;
1998-03-12 00:11:04 +03:00
/* store the response in the SMB stream */
1999-12-13 16:27:58 +03:00
if ( ! samr_io_r_chgpasswd_user ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " samr_reply_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER struct. \n " ) ) ;
1999-03-25 23:56:28 +03:00
return False ;
}
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_chgpasswd_user: %d \n " , __LINE__ ) ) ;
return True ;
1999-03-25 18:14:30 +03:00
}
1999-03-25 16:54:31 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_chgpasswd_user
1999-03-25 16:54:31 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1999-12-13 16:27:58 +03:00
2000-06-16 12:11:32 +04:00
static BOOL api_samr_chgpasswd_user ( pipes_struct * p )
1999-03-25 16:54:31 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_CHGPASSWD_USER q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* unknown 38 command */
if ( ! samr_io_q_chgpasswd_user ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_chgpasswd_user: samr_io_q_chgpasswd_user failed to parse RPC packet. \n " ) ) ;
1999-03-26 00:32:04 +03:00
return False ;
}
1999-12-13 16:27:58 +03:00
/* construct reply. */
if ( ! samr_reply_chgpasswd_user ( & q_u , rdata ) ) {
DEBUG ( 0 , ( " api_samr_chgpasswd_user: samr_reply_chgpasswd_user failed to create reply packet. \n " ) ) ;
1999-03-25 16:54:31 +03:00
return False ;
}
1999-03-26 00:32:04 +03:00
1999-12-13 16:27:58 +03:00
return True ;
1999-03-25 16:54:31 +03:00
}
1999-12-13 16:27:58 +03:00
1999-11-18 22:29:08 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_unknown_38
1999-11-18 22:29:08 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_unknown_38 ( SAMR_Q_UNKNOWN_38 * q_u , prs_struct * rdata )
1999-11-18 22:29:08 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_R_UNKNOWN_38 r_u ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_unknown_38: %d \n " , __LINE__ ) ) ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
init_samr_r_unknown_38 ( & r_u ) ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_unknown_38 ( " " , & r_u , rdata , 0 ) )
return False ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_unknown_38: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1999-11-18 22:29:08 +03:00
}
1998-03-12 00:11:04 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_unknown_38
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_unknown_38 ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_UNKNOWN_38 q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* unknown 38 command */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_unknown_38 ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_unknown_38 ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
1999-11-18 22:29:08 +03:00
/*******************************************************************
2000-10-07 19:56:36 +04:00
samr_reply_lookup_rids
1999-11-18 22:29:08 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static BOOL samr_reply_lookup_rids ( SAMR_Q_LOOKUP_RIDS * q_u ,
1999-12-13 16:27:58 +03:00
prs_struct * rdata )
1999-11-18 22:29:08 +03:00
{
1999-12-13 16:27:58 +03:00
fstring group_names [ MAX_SAM_ENTRIES ] ;
uint32 group_attrs [ MAX_SAM_ENTRIES ] ;
uint32 status = 0 ;
int num_gids = q_u - > num_gids1 ;
1999-11-18 22:29:08 +03:00
2000-10-07 19:56:36 +04:00
SAMR_R_LOOKUP_RIDS r_u ;
1999-11-18 22:29:08 +03:00
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " samr_reply_lookup_rids: %d \n " , __LINE__ ) ) ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
/* find the policy handle. open a policy on it. */
if ( status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
1999-11-18 22:29:08 +03:00
{
status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
if ( status = = 0x0 )
{
1999-12-13 16:27:58 +03:00
int i ;
if ( num_gids > MAX_SAM_ENTRIES )
1999-11-18 22:29:08 +03:00
{
1999-12-13 16:27:58 +03:00
num_gids = MAX_SAM_ENTRIES ;
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " samr_reply_lookup_rids: truncating entries to %d \n " , num_gids ) ) ;
1999-12-13 16:27:58 +03:00
}
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
for ( i = 0 ; i < num_gids & & status = = 0 ; i + + )
{
fstrcpy ( group_names [ i ] , " dummy group " ) ;
group_attrs [ i ] = 0x2 ;
1999-11-18 22:29:08 +03:00
}
}
2000-10-07 19:56:36 +04:00
init_samr_r_lookup_rids ( & r_u , num_gids , group_names , group_attrs , status ) ;
1999-11-18 22:29:08 +03:00
/* store the response in the SMB stream */
2000-10-07 19:56:36 +04:00
if ( ! samr_io_r_lookup_rids ( " " , & r_u , rdata , 0 ) )
2000-05-16 23:45:26 +04:00
return False ;
1999-11-18 22:29:08 +03:00
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " samr_reply_lookup_rids: %d \n " , __LINE__ ) ) ;
1999-11-18 22:29:08 +03:00
2000-05-16 23:45:26 +04:00
return True ;
1999-11-18 22:29:08 +03:00
}
/*******************************************************************
2000-10-07 19:56:36 +04:00
api_samr_lookup_rids
1999-11-18 22:29:08 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static BOOL api_samr_lookup_rids ( pipes_struct * p )
1999-11-18 22:29:08 +03:00
{
2000-10-07 19:56:36 +04:00
SAMR_Q_LOOKUP_RIDS q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
/* grab the samr lookup names */
2000-10-07 19:56:36 +04:00
if ( ! samr_io_q_lookup_rids ( " " , & q_u , data , 0 ) )
2000-05-16 23:45:26 +04:00
return False ;
1999-11-18 22:29:08 +03:00
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-10-07 19:56:36 +04:00
if ( ! samr_reply_lookup_rids ( & q_u , rdata ) )
2000-05-16 23:45:26 +04:00
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1999-11-18 22:29:08 +03:00
}
1999-03-25 16:54:31 +03:00
/*******************************************************************
2000-10-07 19:56:36 +04:00
_api_samr_open_user
1999-03-25 16:54:31 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static uint32 _api_samr_open_user ( POLICY_HND domain_pol , uint32 user_rid , POLICY_HND * user_pol )
1999-03-25 16:54:31 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
2000-10-07 19:56:36 +04:00
DOM_SID sid ;
1999-03-25 16:54:31 +03:00
2000-10-07 19:56:36 +04:00
/* find the domain policy handle. */
if ( find_lsa_policy_by_hnd ( & domain_pol ) = = - 1 )
return NT_STATUS_INVALID_HANDLE ;
1999-03-25 16:54:31 +03:00
1999-12-13 16:27:58 +03:00
/* get a (unique) handle. open a policy on it. */
2000-10-07 19:56:36 +04:00
if ( ! open_lsa_policy_hnd ( user_pol ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
1999-03-25 16:54:31 +03:00
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwrid ( user_rid ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1999-03-25 16:54:31 +03:00
1999-12-13 16:27:58 +03:00
/* check that the RID exists in our domain. */
2000-10-07 19:56:36 +04:00
if ( sam_pass = = NULL ) {
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_NO_SUCH_USER ;
1999-11-17 00:14:53 +03:00
}
2000-10-07 19:56:36 +04:00
/* Get the domain SID stored in the domain policy */
if ( ! get_lsa_policy_samr_sid ( & domain_pol , & sid ) ) {
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_INVALID_HANDLE ;
1999-12-13 16:27:58 +03:00
}
1999-03-25 16:54:31 +03:00
2000-10-07 19:56:36 +04:00
/* append the user's RID to it */
if ( ! sid_append_rid ( & sid , user_rid ) ) {
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_NO_SUCH_USER ;
1999-03-25 16:54:31 +03:00
}
2000-10-07 19:56:36 +04:00
/* associate the user's SID with the handle. */
if ( ! set_lsa_policy_samr_sid ( user_pol , & sid ) ) {
/* oh, whoops. don't know what error message to return, here */
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
1999-03-25 16:54:31 +03:00
2000-10-07 19:56:36 +04:00
return NT_STATUS_NO_PROBLEMO ;
1999-03-25 16:54:31 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_open_user
1999-03-25 16:54:31 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_open_user ( pipes_struct * p )
1999-03-25 16:54:31 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_OPEN_USER q_u ;
2000-10-07 19:56:36 +04:00
SAMR_R_OPEN_USER r_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-03-25 16:54:31 +03:00
2000-10-07 19:56:36 +04:00
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
1999-12-13 16:27:58 +03:00
/* grab the samr unknown 22 */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_open_user ( " " , & q_u , data , 0 ) )
return False ;
1999-03-25 16:54:31 +03:00
2000-10-07 19:56:36 +04:00
r_u . status = _api_samr_open_user ( q_u . domain_pol , q_u . user_rid , & r_u . user_pol ) ;
/* store the response in the SMB stream */
if ( ! samr_io_r_open_user ( " " , & r_u , rdata , 0 ) )
2000-05-16 23:45:26 +04:00
return False ;
1999-12-13 16:27:58 +03:00
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " samr_open_user: %d \n " , __LINE__ ) ) ;
1999-12-13 16:27:58 +03:00
return True ;
1999-03-25 16:54:31 +03:00
}
1999-12-13 16:27:58 +03:00
/*************************************************************************
get_user_info_10
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL get_user_info_10 ( SAM_USER_INFO_10 * id10 , uint32 user_rid )
1998-03-12 00:11:04 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sampass ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
if ( ! pdb_rid_is_user ( user_rid ) )
1998-03-12 00:11:04 +03:00
{
1999-12-13 16:27:58 +03:00
DEBUG ( 4 , ( " RID 0x%x is not a user RID \n " , user_rid ) ) ;
return False ;
1998-03-12 00:11:04 +03:00
}
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sampass = pdb_getsampwrid ( user_rid ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1998-03-12 00:11:04 +03:00
2000-11-14 02:03:34 +03:00
if ( sampass = = NULL )
1998-03-12 00:11:04 +03:00
{
1999-12-13 16:27:58 +03:00
DEBUG ( 4 , ( " User 0x%x not found \n " , user_rid ) ) ;
return False ;
1998-03-12 00:11:04 +03:00
}
2000-11-14 02:03:34 +03:00
DEBUG ( 3 , ( " User:[%s] \n " , pdb_get_username ( sampass ) ) ) ;
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared.
- interactive debug detection
- re-added mem_man (andrew's memory management, detects memory corruption)
- american spellings of "initialise" replaced with english spelling of
"initialise".
- started on "lookup_name()" and "lookup_sid()" functions. proper ones.
- moved lots of functions around. created some modules of commonly used
code. e.g the password file locking code, which is used in groupfile.c
and aliasfile.c and smbpass.c
- moved RID_TYPE_MASK up another bit. this is really unfortunate, but
there is no other "fast" way to identify users from groups from aliases.
i do not believe that this code saves us anything (the multipliers)
and puts us at a disadvantage (reduces the useable rid space).
the designers of NT aren't silly: if they can get away with a user-
interface-speed LsaLookupNames / LsaLookupSids, then so can we. i
spoke with isaac at the cifs conference, the only time for example that
they do a security context check is on file create. certainly not on
individual file reads / writes, which would drastically hit their
performance and ours, too.
- renamed myworkgroup to global_sam_name, amongst other things, when used
in the rpc code. there is also a global_member_name, as we are always
responsible for a SAM database, the scope of which is limited by the role
of the machine (e.g if a member of a workgroup, your SAM is for _local_
logins only, and its name is the name of your server. you even still
have a SID. see LsaQueryInfoPolicy, levels 3 and 5).
- updated functionality of groupname.c to be able to cope with names
like DOMAIN\group and SERVER\alias. used this code to be able to
do aliases as well as groups. this code may actually be better
off being used in username mapping, too.
- created a connect to serverlist function in clientgen.c and used it
in password.c
- initialisation in server.c depends on the role of the server. well,
it does now.
- rpctorture. smbtorture. EXERCISE EXTREME CAUTION.
(This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-17 19:19:04 +03:00
2000-11-14 02:03:34 +03:00
init_sam_user_info10 ( id10 , pdb_get_acct_ctrl ( sampass ) ) ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
return True ;
}
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
/*************************************************************************
get_user_info_21
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL get_user_info_21 ( SAM_USER_INFO_21 * id21 , uint32 user_rid )
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
if ( ! pdb_rid_is_user ( user_rid ) )
1998-09-25 00:02:56 +04:00
{
1999-12-13 16:27:58 +03:00
DEBUG ( 4 , ( " RID 0x%x is not a user RID \n " , user_rid ) ) ;
return False ;
1998-09-25 00:02:56 +04:00
}
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwrid ( user_rid ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1998-03-12 00:11:04 +03:00
1999-12-13 16:27:58 +03:00
if ( sam_pass = = NULL )
{
DEBUG ( 4 , ( " User 0x%x not found \n " , user_rid ) ) ;
return False ;
}
1998-03-12 00:11:04 +03:00
2000-11-14 02:03:34 +03:00
DEBUG ( 3 , ( " User:[%s] \n " , pdb_get_username ( sam_pass ) ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-11-14 02:03:34 +03:00
init_sam_user_info21 ( id21 , sam_pass ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_query_userinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_query_userinfo ( SAMR_Q_QUERY_USERINFO * q_u ,
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
SAMR_R_QUERY_USERINFO r_u ;
#if 0
SAM_USER_INFO_11 id11 ;
# endif
SAM_USER_INFO_10 id10 ;
SAM_USER_INFO_21 id21 ;
void * info = NULL ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
uint32 status = 0x0 ;
uint32 rid = 0x0 ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_query_userinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
/* search for the handle */
if ( status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
status = NT_STATUS_INVALID_HANDLE ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
/* find the user's rid */
if ( status = = 0x0 & & ( rid = get_lsa_policy_samr_rid ( & ( q_u - > pol ) ) ) = = 0xffffffff )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
status = NT_STATUS_OBJECT_TYPE_MISMATCH ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_query_userinfo: rid:0x%x \n " , rid ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
/* ok! user info levels (there are lots: see MSDEV help), off we go... */
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
if ( status = = 0x0 )
{
1999-12-13 16:27:58 +03:00
switch ( q_u - > switch_value )
{
case 0x10 :
{
info = ( void * ) & id10 ;
status = get_user_info_10 ( & id10 , rid ) ? 0 : NT_STATUS_NO_SUCH_USER ;
break ;
}
#if 0
/* whoops - got this wrong. i think. or don't understand what's happening. */
case 0x11 :
{
NTTIME expire ;
info = ( void * ) & id11 ;
expire . low = 0xffffffff ;
expire . high = 0x7fffffff ;
make_sam_user_info11 ( & id11 , & expire , " BROOKFIELDS$ " , 0x03ef , 0x201 , 0x0080 ) ;
break ;
}
# endif
case 21 :
{
info = ( void * ) & id21 ;
status = get_user_info_21 ( & id21 , rid ) ? 0 : NT_STATUS_NO_SUCH_USER ;
break ;
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
default :
{
status = NT_STATUS_INVALID_INFO_CLASS ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
break ;
}
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
init_samr_r_query_userinfo ( & r_u , q_u - > switch_value , info , status ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_query_userinfo ( " " , & r_u , rdata , 0 ) )
return False ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_reply_query_userinfo: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_query_userinfo
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_query_userinfo ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_QUERY_USERINFO q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
/* grab the samr unknown 24 */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_query_userinfo ( " " , & q_u , data , 0 ) )
return False ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_query_userinfo ( & q_u , rdata ) )
return False ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/*******************************************************************
1999-12-13 16:27:58 +03:00
samr_reply_query_usergroups
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_query_usergroups ( SAMR_Q_QUERY_USERGROUPS * q_u ,
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
prs_struct * rdata )
{
1999-12-13 16:27:58 +03:00
SAMR_R_QUERY_USERGROUPS r_u ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
uint32 status = 0x0 ;
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
1999-12-13 16:27:58 +03:00
DOM_GID * gids = NULL ;
int num_groups = 0 ;
uint32 rid ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_query_usergroups: %d \n " , __LINE__ ) ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* find the policy handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( status = = 0x0 & & ( find_lsa_policy_by_hnd ( & ( q_u - > pol ) ) = = - 1 ) )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
status = 0xC0000000 | NT_STATUS_INVALID_HANDLE ;
}
1999-12-13 16:27:58 +03:00
/* find the user's rid */
if ( status = = 0x0 & & ( rid = get_lsa_policy_samr_rid ( & ( q_u - > pol ) ) ) = = 0xffffffff )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
status = NT_STATUS_OBJECT_TYPE_MISMATCH ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
if ( status = = 0x0 )
{
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwrid ( rid ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
1999-12-13 16:27:58 +03:00
if ( sam_pass = = NULL )
{
status = 0xC0000000 | NT_STATUS_NO_SUCH_USER ;
}
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
if ( status = = 0x0 )
{
1999-12-13 16:27:58 +03:00
pstring groups ;
2000-11-14 02:03:34 +03:00
get_domain_user_groups ( groups , pdb_get_username ( sam_pass ) ) ;
1999-12-13 16:27:58 +03:00
gids = NULL ;
num_groups = make_dom_gids ( groups , & gids ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1999-12-13 16:27:58 +03:00
/* construct the response. lkclXXXX: gids are not copied! */
init_samr_r_query_usergroups ( & r_u , num_groups , gids , status ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_query_usergroups ( " " , & r_u , rdata , 0 ) ) {
if ( gids )
free ( ( char * ) gids ) ;
return False ;
}
1999-12-13 16:27:58 +03:00
if ( gids )
free ( ( char * ) gids ) ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
1999-12-13 16:27:58 +03:00
DEBUG ( 5 , ( " samr_query_usergroups: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
/*******************************************************************
1999-12-13 16:27:58 +03:00
api_samr_query_usergroups
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_query_usergroups ( pipes_struct * p )
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
{
1999-12-13 16:27:58 +03:00
SAMR_Q_QUERY_USERGROUPS q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr unknown 32 */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_query_usergroups ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_query_usergroups ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
1998-12-07 20:23:48 +03:00
}
1998-10-22 01:11:16 +04:00
/*******************************************************************
2000-10-07 19:56:36 +04:00
api_samr_query_dom_info
1998-10-22 01:11:16 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static BOOL api_samr_query_dom_info ( pipes_struct * p )
1998-10-22 01:11:16 +04:00
{
2000-10-07 19:56:36 +04:00
SAMR_Q_QUERY_DOMAIN_INFO q_u ;
1998-10-22 02:36:26 +04:00
SAMR_R_QUERY_DOMAIN_INFO r_u ;
1998-10-22 01:11:16 +04:00
SAM_UNK_CTR ctr ;
2000-10-07 19:56:36 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1998-10-22 01:11:16 +04:00
uint16 switch_value = 0x0 ;
uint32 status = 0x0 ;
2000-10-07 19:56:36 +04:00
ZERO_STRUCT ( q_u ) ;
1998-10-22 01:11:16 +04:00
ZERO_STRUCT ( r_u ) ;
ZERO_STRUCT ( ctr ) ;
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " api_samr_query_dom_info: %d \n " , __LINE__ ) ) ;
1998-10-22 01:11:16 +04:00
2000-10-07 19:56:36 +04:00
/* grab the samr unknown 8 command */
if ( ! samr_io_q_query_dom_info ( " " , & q_u , data , 0 ) )
return False ;
1998-10-22 01:11:16 +04:00
/* find the policy handle. open a policy on it. */
2000-10-07 19:56:36 +04:00
if ( find_lsa_policy_by_hnd ( & q_u . domain_pol ) = = - 1 ) {
status = NT_STATUS_INVALID_HANDLE ;
DEBUG ( 5 , ( " api_samr_query_dom_info: invalid handle \n " ) ) ;
1998-10-22 01:11:16 +04:00
}
2000-10-07 19:56:36 +04:00
if ( status = = 0x0 ) {
switch ( q_u . switch_value ) {
case 0x01 :
switch_value = 0x1 ;
init_unk_info1 ( & ctr . info . inf1 ) ;
break ;
1998-10-22 01:11:16 +04:00
case 0x02 :
switch_value = 0x2 ;
1999-12-13 16:27:58 +03:00
init_unk_info2 ( & ctr . info . inf2 , global_myworkgroup , global_myname ) ;
1999-03-25 16:54:31 +03:00
break ;
2000-10-07 19:56:36 +04:00
case 0x03 :
switch_value = 0x3 ;
init_unk_info3 ( & ctr . info . inf3 ) ;
break ;
case 0x06 :
switch_value = 0x6 ;
init_unk_info6 ( & ctr . info . inf6 ) ;
break ;
case 0x07 :
switch_value = 0x7 ;
init_unk_info7 ( & ctr . info . inf7 ) ;
break ;
case 0x0c :
switch_value = 0xc ;
init_unk_info12 ( & ctr . info . inf12 ) ;
break ;
1998-10-22 01:11:16 +04:00
default :
2000-10-07 19:56:36 +04:00
status = NT_STATUS_INVALID_INFO_CLASS ;
1998-10-22 01:11:16 +04:00
break ;
}
}
1999-12-13 16:27:58 +03:00
init_samr_r_query_dom_info ( & r_u , switch_value , & ctr , status ) ;
1998-10-22 01:11:16 +04:00
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_query_dom_info ( " " , & r_u , rdata , 0 ) )
return False ;
1998-10-22 01:11:16 +04:00
2000-10-07 19:56:36 +04:00
DEBUG ( 5 , ( " api_samr_query_dom_info: %d \n " , __LINE__ ) ) ;
1999-12-13 16:27:58 +03:00
return True ;
1998-10-22 01:11:16 +04:00
}
2000-09-28 21:35:03 +04:00
1998-03-12 00:11:04 +03:00
/*******************************************************************
2000-10-07 19:56:36 +04:00
_api_samr_create_user
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static BOOL _api_samr_create_user ( POLICY_HND dom_pol , UNISTR2 user_account , uint32 acb_info , uint32 access_mask ,
POLICY_HND * user_pol , uint32 * unknown0 , uint32 * user_rid )
1999-03-25 16:54:31 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
1999-12-13 16:27:58 +03:00
fstring mach_acct ;
2000-09-28 21:35:03 +04:00
pstring err_str ;
pstring msg_str ;
int local_flags = 0 ;
2000-10-07 19:56:36 +04:00
DOM_SID sid ;
2000-09-28 21:35:03 +04:00
/* find the policy handle. open a policy on it. */
2000-10-07 19:56:36 +04:00
if ( find_lsa_policy_by_hnd ( & dom_pol ) = = - 1 )
return NT_STATUS_INVALID_HANDLE ;
2000-09-28 21:35:03 +04:00
1999-12-13 16:27:58 +03:00
/* find the machine account: tell the caller if it exists.
lkclXXXX i have * no * idea if this is a problem or not
or even if you are supposed to construct a different
reply if the account already exists . . .
*/
2000-10-07 19:56:36 +04:00
fstrcpy ( mach_acct , dos_unistrn2 ( user_account . buffer , user_account . uni_str_len ) ) ;
2000-09-28 21:35:03 +04:00
strlower ( mach_acct ) ;
1999-12-13 16:27:58 +03:00
2000-06-23 09:53:18 +04:00
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwnam ( mach_acct ) ;
2000-06-23 09:53:18 +04:00
unbecome_root ( ) ;
2000-11-14 02:03:34 +03:00
if ( sam_pass ! = NULL )
{
1999-12-13 16:27:58 +03:00
/* machine account exists: say so */
2000-10-07 19:56:36 +04:00
return NT_STATUS_USER_EXISTS ;
1999-12-13 16:27:58 +03:00
}
1999-03-25 16:54:31 +03:00
2000-09-28 21:35:03 +04:00
/* get a (unique) handle. open a policy on it. */
2000-10-07 19:56:36 +04:00
if ( ! open_lsa_policy_hnd ( user_pol ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
2000-09-28 21:35:03 +04:00
local_flags = LOCAL_ADD_USER | LOCAL_DISABLE_USER | LOCAL_SET_NO_PASSWORD ;
2000-10-07 19:56:36 +04:00
local_flags | = ( acb_info & ACB_WSTRUST ) ? LOCAL_TRUST_ACCOUNT : 0 ;
2000-09-28 21:35:03 +04:00
2000-09-29 00:36:28 +04:00
/*
* NB . VERY IMPORTANT ! This call must be done as the current pipe user ,
* * NOT * surrounded by a become_root ( ) / unbecome_root ( ) call . This ensures
* that only people with write access to the smbpasswd file will be able
* to create a user . JRA .
*/
2000-10-10 17:08:55 +04:00
/* add the user in the /etc/passwd file or the unix authority system */
if ( lp_adduser_script ( ) )
2001-01-11 21:38:55 +03:00
smb_create_user ( mach_acct , NULL ) ;
2000-10-10 17:08:55 +04:00
/* add the user in the smbpasswd file or the Samba authority database */
2000-11-14 02:03:34 +03:00
if ( ! local_password_change ( mach_acct , local_flags , NULL , err_str ,
sizeof ( err_str ) , msg_str , sizeof ( msg_str ) ) )
{
2000-09-28 21:35:03 +04:00
DEBUG ( 0 , ( " %s \n " , err_str ) ) ;
2000-10-07 19:56:36 +04:00
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_ACCESS_DENIED ;
2000-09-28 21:35:03 +04:00
}
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwnam ( mach_acct ) ;
2000-09-28 21:35:03 +04:00
unbecome_root ( ) ;
if ( sam_pass = = NULL ) {
/* account doesn't exist: say so */
2000-10-07 19:56:36 +04:00
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_ACCESS_DENIED ;
}
/* Get the domain SID stored in the domain policy */
if ( ! get_lsa_policy_samr_sid ( & dom_pol , & sid ) ) {
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_INVALID_HANDLE ;
}
/* append the user's RID to it */
if ( ! sid_append_rid ( & sid , sam_pass - > user_rid ) ) {
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_NO_SUCH_USER ;
2000-09-28 21:35:03 +04:00
}
/* associate the RID with the (unique) handle. */
2000-10-07 19:56:36 +04:00
if ( ! set_lsa_policy_samr_sid ( user_pol , & sid ) ) {
2000-09-28 21:35:03 +04:00
/* oh, whoops. don't know what error message to return, here */
2000-10-07 19:56:36 +04:00
close_lsa_policy_hnd ( user_pol ) ;
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
2000-11-14 02:03:34 +03:00
* unknown0 = 0x000703ff ;
* user_rid = pdb_get_user_rid ( sam_pass ) ;
2000-10-07 19:56:36 +04:00
return NT_STATUS_NO_PROBLEMO ;
}
/*******************************************************************
api_samr_create_user
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL api_samr_create_user ( pipes_struct * p )
{
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
SAMR_Q_CREATE_USER q_u ;
SAMR_R_CREATE_USER r_u ;
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
/* grab the samr create user */
if ( ! samr_io_q_create_user ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER. \n " ) ) ;
return False ;
2000-09-27 17:02:57 +04:00
}
2000-10-07 19:56:36 +04:00
r_u . status = _api_samr_create_user ( q_u . pol , q_u . uni_mach_acct , q_u . acb_info , q_u . access_mask ,
& r_u . pol , & r_u . unknown_0 , & r_u . user_rid ) ;
2000-09-27 17:02:57 +04:00
/* store the response in the SMB stream */
2000-10-07 21:32:40 +04:00
if ( ! samr_io_r_create_user ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
1998-10-15 09:47:29 +04:00
/*******************************************************************
samr_reply_connect_anon
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_connect_anon ( SAMR_Q_CONNECT_ANON * q_u , prs_struct * rdata )
1998-10-15 09:47:29 +04:00
{
SAMR_R_CONNECT_ANON r_u ;
BOOL pol_open = False ;
/* set up the SAMR connect_anon response */
r_u . status = 0x0 ;
/* get a (unique) handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_u . status = = 0x0 & & ! ( pol_open = open_lsa_policy_hnd ( & ( r_u . connect_pol ) ) ) )
1998-10-15 09:47:29 +04:00
{
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
/* associate the domain SID with the (unique) handle. */
1999-12-13 16:27:58 +03:00
if ( r_u . status = = 0x0 & & ! set_lsa_policy_samr_pol_status ( & ( r_u . connect_pol ) , q_u - > unknown_0 ) )
1998-10-15 09:47:29 +04:00
{
/* oh, whoops. don't know what error message to return, here */
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( r_u . status ! = 0 & & pol_open )
{
1999-12-13 16:27:58 +03:00
close_lsa_policy_hnd ( & ( r_u . connect_pol ) ) ;
1998-10-15 09:47:29 +04:00
}
DEBUG ( 5 , ( " samr_connect_anon: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_connect_anon ( " " , & r_u , rdata , 0 ) )
return False ;
1998-10-15 09:47:29 +04:00
DEBUG ( 5 , ( " samr_connect_anon: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-10-15 09:47:29 +04:00
}
/*******************************************************************
api_samr_connect_anon
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_connect_anon ( pipes_struct * p )
1998-10-15 09:47:29 +04:00
{
SAMR_Q_CONNECT_ANON q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open policy */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_connect_anon ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_connect_anon ( & q_u , rdata ) )
return False ;
1999-12-13 16:27:58 +03:00
return True ;
1998-10-15 09:47:29 +04:00
}
1998-03-12 00:11:04 +03:00
/*******************************************************************
samr_reply_connect
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-05-16 23:45:26 +04:00
static BOOL samr_reply_connect ( SAMR_Q_CONNECT * q_u , prs_struct * rdata )
1998-03-12 00:11:04 +03:00
{
SAMR_R_CONNECT r_u ;
BOOL pol_open = False ;
/* set up the SAMR connect response */
r_u . status = 0x0 ;
/* get a (unique) handle. open a policy on it. */
1999-12-13 16:27:58 +03:00
if ( r_u . status = = 0x0 & & ! ( pol_open = open_lsa_policy_hnd ( & ( r_u . connect_pol ) ) ) )
1998-03-12 00:11:04 +03:00
{
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
/* associate the domain SID with the (unique) handle. */
2001-01-12 02:49:51 +03:00
if ( r_u . status = = 0x0 & &
! set_lsa_policy_samr_pol_status ( & ( r_u . connect_pol ) ,
q_u - > access_mask ) )
1998-03-12 00:11:04 +03:00
{
/* oh, whoops. don't know what error message to return, here */
r_u . status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
if ( r_u . status ! = 0 & & pol_open )
{
1999-12-13 16:27:58 +03:00
close_lsa_policy_hnd ( & ( r_u . connect_pol ) ) ;
1998-03-12 00:11:04 +03:00
}
DEBUG ( 5 , ( " samr_connect: %d \n " , __LINE__ ) ) ;
/* store the response in the SMB stream */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_r_connect ( " " , & r_u , rdata , 0 ) )
return False ;
1998-03-12 00:11:04 +03:00
DEBUG ( 5 , ( " samr_connect: %d \n " , __LINE__ ) ) ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
api_samr_connect
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_connect ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
SAMR_Q_CONNECT q_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-12-13 16:27:58 +03:00
/* grab the samr open policy */
2000-05-16 23:45:26 +04:00
if ( ! samr_io_q_connect ( " " , & q_u , data , 0 ) )
return False ;
1999-12-13 16:27:58 +03:00
/* construct reply. always indicate success */
2000-05-16 23:45:26 +04:00
if ( ! samr_reply_connect ( & q_u , rdata ) )
return False ;
return True ;
}
/**********************************************************************
api_samr_lookup_domain
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_lookup_domain ( pipes_struct * p )
2000-05-16 23:45:26 +04:00
{
2000-06-16 12:11:32 +04:00
SAMR_Q_LOOKUP_DOMAIN q_u ;
2000-10-07 21:32:40 +04:00
SAMR_R_LOOKUP_DOMAIN r_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
2000-05-16 23:45:26 +04:00
2000-10-07 21:32:40 +04:00
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
if ( ! samr_io_q_lookup_domain ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
2000-06-16 12:11:32 +04:00
2000-10-07 21:32:40 +04:00
r_u . status = 0x0 ;
2000-05-16 23:45:26 +04:00
2000-10-07 21:32:40 +04:00
if ( find_lsa_policy_by_hnd ( & q_u . connect_pol ) = = - 1 ) {
r_u . status = NT_STATUS_INVALID_HANDLE ;
DEBUG ( 5 , ( " api_samr_lookup_domain: invalid handle \n " ) ) ;
}
2000-08-18 09:57:09 +04:00
2000-10-07 21:32:40 +04:00
/* assume the domain name sent is our global_myname and
send global_sam_sid */
init_samr_r_lookup_domain ( & r_u , & global_sam_sid , r_u . status ) ;
if ( ! samr_io_r_lookup_domain ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
}
2000-10-07 21:32:40 +04:00
1999-12-13 16:27:58 +03:00
return True ;
1998-03-12 00:11:04 +03:00
}
2000-05-16 23:45:26 +04:00
/**********************************************************************
api_samr_enum_domains
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
static BOOL api_samr_enum_domains ( pipes_struct * p )
2000-05-16 23:45:26 +04:00
{
2000-06-16 12:11:32 +04:00
SAMR_Q_ENUM_DOMAINS q_u ;
2000-10-07 21:32:40 +04:00
SAMR_R_ENUM_DOMAINS r_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
2000-10-07 21:32:40 +04:00
fstring dom [ 2 ] ;
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
2000-05-16 23:45:26 +04:00
2000-10-13 18:02:01 +04:00
fstrcpy ( dom [ 0 ] , global_myworkgroup ) ;
2000-10-07 21:32:40 +04:00
fstrcpy ( dom [ 1 ] , " Builtin " ) ;
if ( ! samr_io_q_enum_domains ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
r_u . status = NT_STATUS_NO_PROBLEMO ;
init_samr_r_enum_domains ( & r_u , q_u . start_idx , dom , 2 ) ;
if ( ! samr_io_r_enum_domains ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS. \n " ) ) ;
free ( r_u . sam ) ;
free ( r_u . uni_dom_name ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
free ( r_u . sam ) ;
free ( r_u . uni_dom_name ) ;
2000-06-16 12:11:32 +04:00
return True ;
2000-05-16 23:45:26 +04:00
}
2000-10-07 19:56:36 +04:00
1998-03-12 00:11:04 +03:00
/*******************************************************************
2000-10-07 19:56:36 +04:00
api_samr_open_alias
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static uint32 _api_samr_open_alias ( POLICY_HND domain_pol , uint32 alias_rid , POLICY_HND * alias_pol )
1998-03-12 00:11:04 +03:00
{
2000-10-07 19:56:36 +04:00
DOM_SID sid ;
/* get the domain policy. */
2000-10-09 18:41:19 +04:00
if ( find_lsa_policy_by_hnd ( & domain_pol ) = = - 1 )
return NT_STATUS_INVALID_HANDLE ;
1998-03-12 00:11:04 +03:00
/* get a (unique) handle. open a policy on it. */
2000-10-07 19:56:36 +04:00
if ( ! open_lsa_policy_hnd ( alias_pol ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
/* Get the domain SID stored in the domain policy */
if ( ! get_lsa_policy_samr_sid ( & domain_pol , & sid ) ) {
close_lsa_policy_hnd ( alias_pol ) ;
return NT_STATUS_INVALID_HANDLE ;
}
/* append the alias' RID to it */
if ( ! sid_append_rid ( & sid , alias_rid ) ) {
close_lsa_policy_hnd ( alias_pol ) ;
return NT_STATUS_NO_SUCH_USER ;
1998-03-12 00:11:04 +03:00
}
/* associate a RID with the (unique) handle. */
2000-10-07 19:56:36 +04:00
if ( ! set_lsa_policy_samr_sid ( alias_pol , & sid ) ) {
1998-12-01 22:10:44 +03:00
/* oh, whoops. don't know what error message to return, here */
2000-10-07 19:56:36 +04:00
close_lsa_policy_hnd ( alias_pol ) ;
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
1998-12-01 22:10:44 +03:00
}
2000-10-07 19:56:36 +04:00
return NT_STATUS_NO_PROBLEMO ;
}
1998-03-12 00:11:04 +03:00
2000-10-07 19:56:36 +04:00
/*******************************************************************
api_samr_open_alias
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL api_samr_open_alias ( pipes_struct * p )
{
SAMR_Q_OPEN_ALIAS q_u ;
SAMR_R_OPEN_ALIAS r_u ;
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
/* grab the samr open policy */
2000-10-07 21:32:40 +04:00
if ( ! samr_io_q_open_alias ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS. \n " ) ) ;
2000-10-07 19:56:36 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
2000-10-07 19:56:36 +04:00
r_u . status = _api_samr_open_alias ( q_u . dom_pol , q_u . rid_alias , & r_u . pol ) ;
1998-03-12 00:11:04 +03:00
/* store the response in the SMB stream */
2000-10-07 21:32:40 +04:00
if ( ! samr_io_r_open_alias ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
2000-10-07 19:56:36 +04:00
return True ;
}
/*******************************************************************
set_user_info_10
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL set_user_info_10 ( const SAM_USER_INFO_10 * id10 , uint32 rid )
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = pdb_getsampwrid ( rid ) ;
2000-10-07 19:56:36 +04:00
if ( id10 = = NULL ) {
DEBUG ( 5 , ( " set_user_info_10: NULL id10 \n " ) ) ;
return False ;
}
if ( pwd = = NULL )
return False ;
2000-11-14 02:03:34 +03:00
pdb_set_acct_ctrl ( pwd , id10 - > acb_info ) ;
2000-10-07 19:56:36 +04:00
2000-11-14 02:03:34 +03:00
if ( ! pdb_update_sam_account ( pwd , True ) )
2000-10-07 19:56:36 +04:00
return False ;
return True ;
}
/*******************************************************************
set_user_info_12
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-11-14 02:03:34 +03:00
static BOOL set_user_info_12 ( SAM_USER_INFO_12 * id12 , uint32 rid )
2000-10-07 19:56:36 +04:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = pdb_getsampwrid ( rid ) ;
2000-10-07 19:56:36 +04:00
if ( pwd = = NULL )
return False ;
if ( id12 = = NULL ) {
DEBUG ( 2 , ( " set_user_info_12: id12 is NULL \n " ) ) ;
return False ;
}
2000-11-14 02:03:34 +03:00
pdb_set_lanman_passwd ( pwd , id12 - > lm_pwd ) ;
pdb_set_nt_passwd ( pwd , id12 - > nt_pwd ) ;
2000-10-07 19:56:36 +04:00
2000-11-14 02:03:34 +03:00
if ( ! pdb_update_sam_account ( pwd , True ) )
2000-10-07 19:56:36 +04:00
return False ;
return True ;
}
/*******************************************************************
set_user_info_21
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-11-21 08:55:16 +03:00
static BOOL set_user_info_21 ( SAM_USER_INFO_21 * id21 , uint32 rid )
2000-10-07 19:56:36 +04:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = pdb_getsampwrid ( rid ) ;
SAM_ACCOUNT new_pwd ;
2000-10-07 19:56:36 +04:00
if ( id21 = = NULL ) {
DEBUG ( 5 , ( " set_user_info_21: NULL id21 \n " ) ) ;
return False ;
}
if ( pwd = = NULL )
return False ;
2000-11-21 08:55:16 +03:00
/* we make a copy so that we can modify stuff */
2000-10-07 19:56:36 +04:00
copy_sam_passwd ( & new_pwd , pwd ) ;
copy_id21_to_sam_passwd ( & new_pwd , id21 ) ;
2000-11-21 08:55:16 +03:00
/*
* The funny part about the previous two calls is
* that pwd still has the password hashes from the
* passdb entry . These have not been updated from
* id21 . I don ' t know if they need to be set . - - jerry
*/
2000-10-07 19:56:36 +04:00
2000-11-21 08:55:16 +03:00
/* write the change out */
2000-11-14 02:03:34 +03:00
if ( ! pdb_update_sam_account ( & new_pwd , True ) )
2000-10-07 19:56:36 +04:00
return False ;
2000-11-14 02:03:34 +03:00
2000-10-07 19:56:36 +04:00
return True ;
}
/*******************************************************************
set_user_info_23
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL set_user_info_23 ( SAM_USER_INFO_23 * id23 , uint32 rid )
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = pdb_getsampwrid ( rid ) ;
SAM_ACCOUNT new_pwd ;
BYTE nt_hash [ 16 ] ;
BYTE lm_hash [ 16 ] ;
2000-10-07 19:56:36 +04:00
pstring buf ;
uint32 len ;
if ( id23 = = NULL ) {
DEBUG ( 5 , ( " set_user_info_23: NULL id23 \n " ) ) ;
return False ;
}
if ( pwd = = NULL )
return False ;
copy_sam_passwd ( & new_pwd , pwd ) ;
copy_id23_to_sam_passwd ( & new_pwd , id23 ) ;
1998-03-12 00:11:04 +03:00
2000-11-14 02:03:34 +03:00
if ( ! decode_pw_buffer ( ( char * ) id23 - > pass , buf , 256 , & len ) )
2000-10-07 19:56:36 +04:00
return False ;
nt_lm_owf_gen ( buf , nt_hash , lm_hash ) ;
2000-11-14 02:03:34 +03:00
pdb_set_lanman_passwd ( & new_pwd , lm_hash ) ;
pdb_set_nt_passwd ( & new_pwd , nt_hash ) ;
2000-10-07 19:56:36 +04:00
2000-10-10 17:08:55 +04:00
/* update the UNIX password */
if ( lp_unix_password_sync ( ) )
2000-11-14 02:03:34 +03:00
if ( ! chgpasswd ( pdb_get_username ( & new_pwd ) , " " , buf , True ) )
2000-10-10 17:08:55 +04:00
return False ;
memset ( buf , 0 , sizeof ( buf ) ) ;
2000-11-14 02:03:34 +03:00
if ( ! pdb_update_sam_account ( & new_pwd , True ) )
2000-10-07 19:56:36 +04:00
return False ;
2000-05-16 23:45:26 +04:00
return True ;
1998-03-12 00:11:04 +03:00
}
/*******************************************************************
2000-10-07 19:56:36 +04:00
set_user_info_24
1998-03-12 00:11:04 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-10-07 19:56:36 +04:00
static BOOL set_user_info_24 ( const SAM_USER_INFO_24 * id24 , uint32 rid )
1998-03-12 00:11:04 +03:00
{
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * pwd = pdb_getsampwrid ( rid ) ;
uchar nt_hash [ 16 ] ;
uchar lm_hash [ 16 ] ;
2000-10-07 19:56:36 +04:00
uint32 len ;
pstring buf ;
if ( pwd = = NULL )
return False ;
2000-10-13 18:02:01 +04:00
memset ( buf , 0 , sizeof ( buf ) ) ;
2000-11-14 02:03:34 +03:00
if ( ! decode_pw_buffer ( ( char * ) id24 - > pass , buf , 256 , & len ) )
2000-10-07 19:56:36 +04:00
return False ;
2000-11-14 02:03:34 +03:00
DEBUG ( 0 , ( " set_user_info_24:nt_lm_owf_gen \n " ) ) ;
2000-10-07 19:56:36 +04:00
nt_lm_owf_gen ( buf , nt_hash , lm_hash ) ;
2000-11-14 02:03:34 +03:00
pdb_set_lanman_passwd ( pwd , lm_hash ) ;
pdb_set_nt_passwd ( pwd , nt_hash ) ;
2000-10-07 19:56:36 +04:00
2000-10-10 17:08:55 +04:00
/* update the UNIX password */
if ( lp_unix_password_sync ( ) )
2000-11-14 02:03:34 +03:00
if ( ! chgpasswd ( pdb_get_username ( pwd ) , " " , buf , True ) )
2000-10-10 17:08:55 +04:00
return False ;
memset ( buf , 0 , sizeof ( buf ) ) ;
2000-11-14 02:03:34 +03:00
DEBUG ( 0 , ( " set_user_info_24: pdb_update_sam_account() \n " ) ) ;
2000-10-10 17:08:55 +04:00
/* update the SAMBA password */
2000-11-14 02:03:34 +03:00
if ( ! pdb_update_sam_account ( pwd , True ) )
2000-10-07 19:56:36 +04:00
return False ;
return True ;
}
/*******************************************************************
samr_reply_set_userinfo
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-11-14 02:03:34 +03:00
static uint32 _samr_set_userinfo ( POLICY_HND * pol , uint16 switch_value ,
SAM_USERINFO_CTR * ctr , pipes_struct * p )
2000-10-07 19:56:36 +04:00
{
uint32 rid = 0x0 ;
DOM_SID sid ;
2000-10-10 17:08:55 +04:00
struct current_user user ;
2000-11-14 02:03:34 +03:00
SAM_ACCOUNT * sam_pass ;
2000-10-10 17:08:55 +04:00
unsigned char sess_key [ 16 ] ;
DEBUG ( 5 , ( " _samr_set_userinfo: %d \n " , __LINE__ ) ) ;
2000-10-07 19:56:36 +04:00
2000-11-14 02:03:34 +03:00
if ( p - > ntlmssp_auth_validated )
{
2000-10-10 17:08:55 +04:00
memcpy ( & user , & p - > pipe_user , sizeof ( user ) ) ;
2000-11-14 02:03:34 +03:00
}
else
{
2000-10-10 17:08:55 +04:00
extern struct current_user current_user ;
memcpy ( & user , & current_user , sizeof ( user ) ) ;
}
2000-10-07 19:56:36 +04:00
/* search for the handle */
if ( find_lsa_policy_by_hnd ( pol ) = = - 1 )
return NT_STATUS_INVALID_HANDLE ;
/* find the policy handle. open a policy on it. */
if ( ! get_lsa_policy_samr_sid ( pol , & sid ) )
return NT_STATUS_INVALID_HANDLE ;
sid_split_rid ( & sid , & rid ) ;
2000-10-10 17:08:55 +04:00
DEBUG ( 5 , ( " _samr_set_userinfo: rid:0x%x, level:%d \n " , rid , switch_value ) ) ;
2000-10-07 19:56:36 +04:00
if ( ctr = = NULL ) {
2000-10-10 17:08:55 +04:00
DEBUG ( 5 , ( " _samr_set_userinfo: NULL info level \n " ) ) ;
2000-10-07 19:56:36 +04:00
return NT_STATUS_INVALID_INFO_CLASS ;
}
2000-10-10 17:08:55 +04:00
/*
* We need the NT hash of the user who is changing the user ' s password .
* This NT hash is used to generate a " user session key "
* This " user session key " is in turn used to encrypt / decrypt the user ' s password .
*/
become_root ( ) ;
2000-11-14 02:03:34 +03:00
sam_pass = pdb_getsampwuid ( user . uid ) ;
2000-10-10 17:08:55 +04:00
unbecome_root ( ) ;
2000-11-14 02:03:34 +03:00
if ( sam_pass = = NULL ) {
DEBUG ( 0 , ( " _samr_set_userinfo: Unable to get passdb entry for uid %u \n " ,
( unsigned int ) pdb_get_uid ( sam_pass ) ) ) ;
2000-10-10 17:08:55 +04:00
return NT_STATUS_ACCESS_DENIED ;
}
memset ( sess_key , ' \0 ' , 16 ) ;
2000-11-14 02:03:34 +03:00
mdfour ( sess_key , pdb_get_nt_passwd ( sam_pass ) , 16 ) ;
2000-10-10 17:08:55 +04:00
2000-10-07 19:56:36 +04:00
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch ( switch_value ) {
case 0x12 :
if ( ! set_user_info_12 ( ctr - > info . id12 , rid ) )
return NT_STATUS_ACCESS_DENIED ;
break ;
case 24 :
2000-10-10 17:08:55 +04:00
SamOEMhash ( ctr - > info . id24 - > pass , sess_key , 1 ) ;
2000-10-07 19:56:36 +04:00
if ( ! set_user_info_24 ( ctr - > info . id24 , rid ) )
return NT_STATUS_ACCESS_DENIED ;
break ;
case 23 :
2000-10-10 17:08:55 +04:00
SamOEMhash ( ctr - > info . id23 - > pass , sess_key , 1 ) ;
2000-10-07 19:56:36 +04:00
if ( ! set_user_info_23 ( ctr - > info . id23 , rid ) )
return NT_STATUS_ACCESS_DENIED ;
break ;
default :
return NT_STATUS_INVALID_INFO_CLASS ;
}
return NT_STATUS_NOPROBLEMO ;
}
/*******************************************************************
api_samr_set_userinfo
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL api_samr_set_userinfo ( pipes_struct * p )
{
SAMR_Q_SET_USERINFO q_u ;
SAMR_R_SET_USERINFO r_u ;
2000-06-16 12:11:32 +04:00
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
1999-02-24 04:52:30 +03:00
2000-10-07 19:56:36 +04:00
SAM_USERINFO_CTR ctr ;
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
q_u . ctr = & ctr ;
2000-10-07 21:32:40 +04:00
if ( ! samr_io_q_set_userinfo ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
1999-02-24 04:52:30 +03:00
2000-10-10 17:08:55 +04:00
r_u . status = _samr_set_userinfo ( & q_u . pol , q_u . switch_value , & ctr , p ) ;
2000-10-07 19:56:36 +04:00
free_samr_q_set_userinfo ( & q_u ) ;
2000-10-07 21:32:40 +04:00
if ( ! samr_io_r_set_userinfo ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO. \n " ) ) ;
2000-05-16 23:45:26 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
1999-02-24 04:52:30 +03:00
1999-12-13 16:27:58 +03:00
return True ;
1999-02-24 04:52:30 +03:00
}
2000-10-07 19:56:36 +04:00
/*******************************************************************
samr_reply_set_userinfo2
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static uint32 _samr_set_userinfo2 ( POLICY_HND * pol , uint16 switch_value , SAM_USERINFO_CTR * ctr )
{
DOM_SID sid ;
uint32 rid = 0x0 ;
DEBUG ( 5 , ( " samr_reply_set_userinfo2: %d \n " , __LINE__ ) ) ;
/* search for the handle */
if ( find_lsa_policy_by_hnd ( pol ) = = - 1 )
return NT_STATUS_INVALID_HANDLE ;
/* find the policy handle. open a policy on it. */
if ( ! get_lsa_policy_samr_sid ( pol , & sid ) )
return NT_STATUS_INVALID_HANDLE ;
sid_split_rid ( & sid , & rid ) ;
DEBUG ( 5 , ( " samr_reply_set_userinfo2: rid:0x%x \n " , rid ) ) ;
if ( ctr = = NULL ) {
DEBUG ( 5 , ( " samr_reply_set_userinfo2: NULL info level \n " ) ) ;
return NT_STATUS_INVALID_INFO_CLASS ;
}
ctr - > switch_value = switch_value ;
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch ( switch_value ) {
case 21 :
if ( ! set_user_info_21 ( ctr - > info . id21 , rid ) )
return NT_STATUS_ACCESS_DENIED ;
break ;
case 16 :
if ( ! set_user_info_10 ( ctr - > info . id10 , rid ) )
return NT_STATUS_ACCESS_DENIED ;
break ;
default :
return NT_STATUS_INVALID_INFO_CLASS ;
}
return NT_STATUS_NOPROBLEMO ;
}
/*******************************************************************
api_samr_set_userinfo2
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static BOOL api_samr_set_userinfo2 ( pipes_struct * p )
{
SAMR_Q_SET_USERINFO2 q_u ;
SAMR_R_SET_USERINFO2 r_u ;
SAM_USERINFO_CTR ctr ;
prs_struct * data = & p - > in_data . data ;
prs_struct * rdata = & p - > out_data . rdata ;
ZERO_STRUCT ( q_u ) ;
ZERO_STRUCT ( r_u ) ;
q_u . ctr = & ctr ;
2000-10-07 21:32:40 +04:00
if ( ! samr_io_q_set_userinfo2 ( " " , & q_u , data , 0 ) ) {
DEBUG ( 0 , ( " api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2. \n " ) ) ;
2000-10-07 19:56:36 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
2000-10-07 19:56:36 +04:00
r_u . status = _samr_set_userinfo2 ( & q_u . pol , q_u . switch_value , & ctr ) ;
free_samr_q_set_userinfo2 ( & q_u ) ;
2000-10-07 21:32:40 +04:00
if ( ! samr_io_r_set_userinfo2 ( " " , & r_u , rdata , 0 ) ) {
DEBUG ( 0 , ( " api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2. \n " ) ) ;
2000-10-07 19:56:36 +04:00
return False ;
2000-10-07 21:32:40 +04:00
}
2000-10-07 19:56:36 +04:00
return True ;
}
1998-03-12 00:11:04 +03:00
/*******************************************************************
array of \ PIPE \ samr operations
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static struct api_struct api_samr_cmds [ ] =
{
{ " SAMR_CLOSE_HND " , SAMR_CLOSE_HND , api_samr_close_hnd } ,
{ " SAMR_CONNECT " , SAMR_CONNECT , api_samr_connect } ,
1998-10-15 09:47:29 +04:00
{ " SAMR_CONNECT_ANON " , SAMR_CONNECT_ANON , api_samr_connect_anon } ,
1998-03-12 00:11:04 +03:00
{ " SAMR_ENUM_DOM_USERS " , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users } ,
{ " SAMR_ENUM_DOM_GROUPS " , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups } ,
{ " SAMR_ENUM_DOM_ALIASES " , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases } ,
1999-12-13 16:27:58 +03:00
{ " SAMR_LOOKUP_IDS " , SAMR_LOOKUP_IDS , api_samr_lookup_ids } ,
1998-03-12 00:11:04 +03:00
{ " SAMR_LOOKUP_NAMES " , SAMR_LOOKUP_NAMES , api_samr_lookup_names } ,
{ " SAMR_OPEN_USER " , SAMR_OPEN_USER , api_samr_open_user } ,
{ " SAMR_QUERY_USERINFO " , SAMR_QUERY_USERINFO , api_samr_query_userinfo } ,
2000-10-07 19:56:36 +04:00
{ " SAMR_QUERY_DOMAIN_INFO " , SAMR_QUERY_DOMAIN_INFO , api_samr_query_dom_info } ,
1998-03-12 00:11:04 +03:00
{ " SAMR_QUERY_USERGROUPS " , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups } ,
{ " SAMR_QUERY_DISPINFO " , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo } ,
{ " SAMR_QUERY_ALIASINFO " , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo } ,
2000-09-27 17:02:57 +04:00
{ " SAMR_CREATE_USER " , SAMR_CREATE_USER , api_samr_create_user } ,
2000-10-07 19:56:36 +04:00
{ " SAMR_LOOKUP_RIDS " , SAMR_LOOKUP_RIDS , api_samr_lookup_rids } ,
1999-12-13 16:27:58 +03:00
{ " SAMR_UNKNOWN_38 " , SAMR_UNKNOWN_38 , api_samr_unknown_38 } ,
1998-10-17 03:40:59 +04:00
{ " SAMR_CHGPASSWD_USER " , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user } ,
1998-03-12 00:11:04 +03:00
{ " SAMR_OPEN_ALIAS " , SAMR_OPEN_ALIAS , api_samr_open_alias } ,
{ " SAMR_OPEN_DOMAIN " , SAMR_OPEN_DOMAIN , api_samr_open_domain } ,
1999-12-13 16:27:58 +03:00
{ " SAMR_UNKNOWN_3 " , SAMR_UNKNOWN_3 , api_samr_unknown_3 } ,
{ " SAMR_UNKNOWN_2C " , SAMR_UNKNOWN_2C , api_samr_unknown_2c } ,
2000-05-16 23:45:26 +04:00
{ " SAMR_LOOKUP_DOMAIN " , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain } ,
{ " SAMR_ENUM_DOMAINS " , SAMR_ENUM_DOMAINS , api_samr_enum_domains } ,
2000-10-07 19:56:36 +04:00
{ " SAMR_SET_USERINFO " , SAMR_SET_USERINFO , api_samr_set_userinfo } ,
{ " SAMR_SET_USERINFO2 " , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 } ,
1998-10-02 22:45:07 +04:00
{ NULL , 0 , NULL }
1998-03-12 00:11:04 +03:00
} ;
/*******************************************************************
receives a samr pipe and responds .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-06-16 12:11:32 +04:00
BOOL api_samr_rpc ( pipes_struct * p )
1998-03-12 00:11:04 +03:00
{
2000-06-16 12:11:32 +04:00
return api_rpcTNP ( p , " api_samr_rpc " , api_samr_cmds ) ;
1998-03-12 00:11:04 +03:00
}
2000-05-09 17:28:19 +04:00
# undef OLD_NTDOMAIN