sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
a8d51f8762
samba-mirror/source4/rpc_server/samr/dcesrv_samr.c

3479 lines
90 KiB
C
Raw Normal View History

r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
Unix SMB/CIFS implementation.
endpoint server for the samr pipe
Copyright (C) Andrew Tridgell 2004
r4381: Add my copyright (This used to be commit 9e27a83ac3b1470ba52df01743d9a64fcbecc64b)
2004-12-29 02:05:48 +03:00
Copyright (C) Volker Lendecke 2004
r4703: Add support for EnumTrustDomain, and expand the testsuite. Add my copyright to the SAMR server. Andrew Bartlett (This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
2005-01-12 10:57:33 +03:00
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
r3428: switched to using minimal includes for the auto-generated RPC code. The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2004-11-01 13:30:34 +03:00
#include "librpc/gen_ndr/ndr_samr.h"
r3468: split out dcerpc_server.h (This used to be commit 729e0026e4408f74f140375537d4fe48c1fc3242)
2004-11-02 10:42:47 +03:00
#include "rpc_server/dcerpc_server.h"
r465: we need common.h in two more rpc server pipes (This used to be commit d96b68169a5ab46cc0550732d4fe94af75e06fd6)
2004-05-04 10:11:47 +04:00
#include "rpc_server/common/common.h"
r839: password set/change in the samr server is complex enough that it deserves its own C module (This used to be commit 2ba7ff824c32b3db037263ddcff9c876293ea284)
2004-05-24 09:35:59 +04:00
#include "rpc_server/samr/dcesrv_samr.h"
r3447: more include/system/XXX.h include files (This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2004-11-02 03:24:21 +03:00
#include "system/time.h"
r3783: - don't use make proto for ldb anymore - split ldh.h out of samba's includes.h - make ldb_context and ldb_module private to the subsystem - use ltdb_ prefix for all ldb_tdb functions metze (This used to be commit f5ee40d6ce8224e280070975efc9911558fe675c)
2004-11-16 12:00:52 +03:00
#include "lib/ldb/include/ldb.h"
r5309: removed ads.h from includes.h (This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
2005-02-10 10:43:39 +03:00
#include "ads.h"
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
/*
This is a bad temporary hack until we have at least some kind of schema
support
*/
r5298: - got rid of pstring.h from includes.h. This at least makes it a bit less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2005-02-10 08:09:35 +03:00
static char *ldb_hexstr(TALLOC_CTX *mem_ctx, uint32_t val)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
{
return talloc_asprintf(mem_ctx, "0x%.8x", val);
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_Connect
create a connection to the SAM database
*/
static NTSTATUS samr_Connect(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect *r)
{
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_connect_state *c_state;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
struct dcesrv_handle *handle;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.connect_handle);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
c_state = talloc(dce_call->conn, struct samr_connect_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!c_state) {
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
return NT_STATUS_NO_MEMORY;
}
/* make sure the sam database is accessible */
r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation (This used to be commit 26da45a8019a2d6c9ff2ac2a6739c7d0b42b00de)
2004-09-25 15:48:30 +04:00
c_state->sam_ctx = samdb_connect(c_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (c_state->sam_ctx == NULL) {
r2247: talloc_destroy -> talloc_free (This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
2004-09-08 04:00:56 +04:00
talloc_free(c_state);
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return NT_STATUS_INVALID_SYSTEM_SERVICE;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_CONNECT);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
if (!handle) {
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
talloc_free(c_state);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
handle->data = talloc_steal(handle, c_state);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
c_state->access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.connect_handle = handle->wire_handle;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
return NT_STATUS_OK;
}
/*
samr_Close
*/
static NTSTATUS samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Close *r)
{
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *h;
*r->out.handle = *r->in.handle;
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
talloc_free(h);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
ZERO_STRUCTP(r->out.handle);
return NT_STATUS_OK;
}
/*
samr_SetSecurity
*/
static NTSTATUS samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetSecurity *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QuerySecurity
*/
static NTSTATUS samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QuerySecurity *r)
{
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 17:23:30 +04:00
struct dcesrv_handle *h;
r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
2004-11-20 03:29:04 +03:00
struct sec_desc_buf *sd;
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 17:23:30 +04:00
r->out.sdbuf = NULL;
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
sd = talloc(mem_ctx, struct sec_desc_buf);
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 17:23:30 +04:00
if (sd == NULL) {
return NT_STATUS_NO_MEMORY;
}
sd->sd = samdb_default_security_descriptor(mem_ctx);
r->out.sdbuf = sd;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_Shutdown
we refuse this operation completely. If a admin wants to shutdown samr
in Samba then they should use the samba admin tools to disable the samr pipe
*/
static NTSTATUS samr_Shutdown(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Shutdown *r)
{
return NT_STATUS_ACCESS_DENIED;
}
/*
samr_LookupDomain
this maps from a domain name to a SID
*/
static NTSTATUS samr_LookupDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_LookupDomain *r)
{
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_connect_state *c_state;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
struct dcesrv_handle *h;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
struct dom_sid *sid;
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
const char * const dom_attrs[] = { "objectSid", NULL};
const char * const ref_attrs[] = { "ncName", NULL};
struct ldb_message **dom_msgs;
struct ldb_message **ref_msgs;
int ret;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r->out.sid = NULL;
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
c_state = h->data;
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
r5364: Rename string fields called 'domain' and 'name' to be 'domain_name'. (This used to be commit 6749b9404d4e9876ecd964e038c608f05d2c0b69)
2005-02-13 03:26:43 +03:00
if (r->in.domain_name->string == NULL) {
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return NT_STATUS_INVALID_PARAMETER;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
if (strcasecmp(r->in.domain_name->string, "BUILTIN") == 0) {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
"(objectClass=builtinDomain)");
} else {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &ref_msgs, ref_attrs,
"(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
r->in.domain_name->string);
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
ret = gendb_search_dn(c_state->sam_ctx, mem_ctx,
samdb_result_string(ref_msgs[0], "ncName", NULL),
&dom_msgs, dom_attrs);
}
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
sid = samdb_result_dom_sid(mem_ctx, dom_msgs[0],
"objectSid");
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
if (sid == NULL) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
return NT_STATUS_NO_SUCH_DOMAIN;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r->out.sid = sid;
return NT_STATUS_OK;
}
/*
samr_EnumDomains
list the domains in the SAM
*/
static NTSTATUS samr_EnumDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_EnumDomains *r)
{
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_connect_state *c_state;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
struct dcesrv_handle *h;
struct samr_SamArray *array;
int count, i, start_i;
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
const char * const dom_attrs[] = { "cn", NULL};
const char * const ref_attrs[] = { "nETBIOSName", NULL};
struct ldb_message **dom_msgs;
struct ldb_message **ref_msgs;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
*r->out.resume_handle = 0;
r->out.sam = NULL;
r->out.num_entries = 0;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
c_state = h->data;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
count = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
"(objectClass=domain)");
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
if (count == -1) {
r1335: NT_STATUS_INTERNAL_DB_CORRUPTION should cause DEBUG(0,(...)); metze (This used to be commit 80851e67783a9c3c8bdd7f2b52e0b46dd7b18d05)
2004-07-05 11:24:14 +04:00
DEBUG(0,("samdb: no domains found in EnumDomains\n"));
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
*r->out.resume_handle = count;
start_i = *r->in.resume_handle;
if (start_i >= count) {
/* search past end of list is not an error for this call */
return NT_STATUS_OK;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
array = talloc(mem_ctx, struct samr_SamArray);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
if (array == NULL) {
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return NT_STATUS_NO_MEMORY;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
array->count = 0;
array->entries = NULL;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
array->entries = talloc_array(mem_ctx, struct samr_SamEntry, count - start_i);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
if (array->entries == NULL) {
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return NT_STATUS_NO_MEMORY;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
for (i=0;i<count-start_i;i++) {
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
int ret;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
array->entries[i].idx = start_i + i;
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
/* try and find the domain */
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
ret = gendb_search(c_state->sam_ctx, mem_ctx, NULL,
&ref_msgs, ref_attrs,
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
"(&(objectClass=crossRef)(ncName=%s))",
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
dom_msgs[i]->dn);
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
if (ret == 1) {
array->entries[i].name.string = samdb_result_string(ref_msgs[0], "nETBIOSName", NULL);
} else {
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
array->entries[i].name.string = samdb_result_string(dom_msgs[i], "cn", NULL);
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r->out.sam = array;
r789: we return wrong number of entries (This used to be commit c0c1596dbdb1769c3f10c8299f61807497b1d38a)
2004-05-20 11:49:34 +04:00
r->out.num_entries = i;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
array->count = r->out.num_entries;
return NT_STATUS_OK;
}
/*
samr_OpenDomain
*/
static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
struct samr_OpenDomain *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
struct dcesrv_handle *h_conn, *h_domain;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *domain_name;
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
struct samr_connect_state *c_state;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_domain_state *d_state;
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
const char * const dom_attrs[] = { "cn", NULL};
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
const char * const ref_attrs[] = { "nETBIOSName", NULL};
struct ldb_message **dom_msgs;
struct ldb_message **ref_msgs;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
int ret;
ZERO_STRUCTP(r->out.domain_handle);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h_conn, r->in.connect_handle, SAMR_HANDLE_CONNECT);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
c_state = h_conn->data;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (r->in.sid == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(c_state->sam_ctx,
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
mem_ctx, NULL, &dom_msgs, dom_attrs,
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
"(&(objectSid=%s)(&(objectclass=domain)(!(objectClass=builtinDomain))))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
if (ret == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &dom_msgs, dom_attrs,
"(&(objectSid=%s)(objectClass=builtinDomain))",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
domain_name = ldb_msg_find_string(dom_msgs[0], "cn", NULL);
if (domain_name == NULL) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
} else {
ret = gendb_search(c_state->sam_ctx,
mem_ctx, NULL, &ref_msgs, ref_attrs,
"(&(&(nETBIOSName=*)(objectclass=crossRef))(ncName=%s))",
dom_msgs[0]->dn);
if (ret != 1) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
domain_name = ldb_msg_find_string(ref_msgs[0], "nETBIOSName", NULL);
if (domain_name == NULL) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
d_state = talloc(c_state, struct samr_domain_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!d_state) {
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
return NT_STATUS_NO_MEMORY;
}
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
d_state->connect_state = talloc_reference(d_state, c_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
d_state->sam_ctx = c_state->sam_ctx;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
d_state->domain_sid = dom_sid_dup(d_state, r->in.sid);
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
d_state->domain_name = talloc_strdup(d_state, domain_name);
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
d_state->domain_dn = talloc_strdup(d_state, dom_msgs[0]->dn);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!d_state->domain_sid || !d_state->domain_name || !d_state->domain_dn) {
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
talloc_free(d_state);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
d_state->access_mask = r->in.access_mask;
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
h_domain = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_DOMAIN);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
if (!h_domain) {
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
talloc_free(d_state);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
return NT_STATUS_NO_MEMORY;
}
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
h_domain->data = talloc_steal(h_domain, d_state);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
*r->out.domain_handle = h_domain->wire_handle;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
/*
return DomInfo1
*/
static NTSTATUS samr_info_DomInfo1(struct samr_domain_state *state,
TALLOC_CTX *mem_ctx,
struct samr_DomInfo1 *info)
{
const char * const attrs[] = { "minPwdLength", "pwdHistoryLength",
"pwdProperties", "maxPwdAge",
"minPwdAge", NULL };
int ret;
struct ldb_message **res;
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(state->sam_ctx, mem_ctx,
state->domain_dn , &res, attrs);
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
info->min_password_length =
samdb_result_uint(res[0], "minPwdLength", 0);
info->password_history_length =
samdb_result_uint(res[0], "pwdHistoryLength", 0);
info->password_properties =
samdb_result_uint(res[0], "pwdProperties", 0);
info->max_password_age =
samdb_result_int64(res[0], "maxPwdAge", 0);
info->min_password_age =
samdb_result_int64(res[0], "minPwdAge", 0);
return NT_STATUS_OK;
}
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/*
return DomInfo2
*/
static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx,
struct samr_DomInfo2 *info)
{
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
const char * const dom_attrs[] = { "comment", NULL };
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
int ret;
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
struct ldb_message **dom_msgs;
const char *domain_name;
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(state->sam_ctx, mem_ctx,
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
state->domain_dn, &dom_msgs, dom_attrs);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r9015: Fix access to BUILTIN again. Andrew Bartlett (This used to be commit 2beb694226429319ff3799adbd7be50af99df02c)
2005-08-03 23:58:58 +04:00
domain_name = state->domain_name;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
/* where is this supposed to come from? is it settable? */
info->force_logoff_time = 0x8000000000000000LL;
r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e)
2005-08-03 22:30:21 +04:00
info->comment.string = samdb_result_string(dom_msgs[0], "comment", NULL);
info->domain_name.string = domain_name;
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
info->primary.string = lp_netbios_name();
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
info->sequence_num = 0;
info->role = ROLE_DOMAIN_PDC;
info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, NULL, "(objectClass=user)");
info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
"(&(objectClass=group)(sAMAccountType=%u))",
ATYPE_GLOBAL_GROUP);
info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, NULL,
"(&(objectClass=group)(sAMAccountType=%u))",
ATYPE_LOCAL_GROUP);
return NT_STATUS_OK;
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r4417: Reply to samr_QueryDomainInfo with the same static value as level2 does. Volker (This used to be commit 04cf580ef30ac38f3f312184a7b18551195a17ce)
2004-12-30 22:11:25 +03:00
/*
return DomInfo3
*/
static NTSTATUS samr_info_DomInfo3(struct samr_domain_state *state,
TALLOC_CTX *mem_ctx,
struct samr_DomInfo3 *info)
{
/* where is this supposed to come from? is it settable? */
info->force_logoff_time = 0x8000000000000000LL;
return NT_STATUS_OK;
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_QueryDomainInfo
*/
static NTSTATUS samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct samr_QueryDomainInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
r->out.info = NULL;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
d_state = h->data;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.info = talloc(mem_ctx, union samr_DomainInfo);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
if (!r->out.info) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
switch (r->in.level) {
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
case 1:
return samr_info_DomInfo1(d_state, mem_ctx,
&r->out.info->info1);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
case 2:
return samr_info_DomInfo2(d_state, mem_ctx, &r->out.info->info2);
r4417: Reply to samr_QueryDomainInfo with the same static value as level2 does. Volker (This used to be commit 04cf580ef30ac38f3f312184a7b18551195a17ce)
2004-12-30 22:11:25 +03:00
case 3:
return samr_info_DomInfo3(d_state, mem_ctx,
&r->out.info->info3);
r917: - added the start of a LSA server to samba4. - added start of QueryDomainInfo in samr server "net rpc info" from samba3 now works against a samba4 server. I suspect join will work fairly soon. (This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
2004-05-27 08:13:58 +04:00
}
return NT_STATUS_INVALID_INFO_CLASS;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetDomainInfo
*/
static NTSTATUS samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetDomainInfo *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_CreateDomainGroup
*/
static NTSTATUS samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
struct samr_CreateDomainGroup *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
struct samr_domain_state *d_state;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
struct dcesrv_handle *h;
const char *name;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
struct dom_sid *sid;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *groupname;
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
struct dcesrv_handle *g_handle;
int ret;
ZERO_STRUCTP(r->out.group_handle);
*r->out.rid = 0;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
d_state = h->data;
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
groupname = r->in.name->string;
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
if (groupname == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
/* check if the group already exists */
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
"sAMAccountName",
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
"(&(sAMAccountName=%s)(objectclass=group))",
groupname);
if (name != NULL) {
return NT_STATUS_GROUP_EXISTS;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
/* add core elements to the ldb_message for the user */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", groupname,
d_state->domain_dn);
if (!msg->dn) {
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
return NT_STATUS_NO_MEMORY;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", groupname);
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
/* create the group */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
if (ret != 0) {
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
DEBUG(0,("Failed to create group record %s\n", msg->dn));
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(d_state, struct samr_account_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!a_state) {
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
return NT_STATUS_NO_MEMORY;
}
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
a_state->domain_state = talloc_reference(a_state, d_state);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
a_state->account_dn = talloc_steal(a_state, msg->dn);
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
/* retrieve the sid for the group just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2005-07-17 13:20:52 +04:00
msg->dn, "objectSid", "dn=%s", msg->dn);
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
if (sid == NULL) {
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
return NT_STATUS_UNSUCCESSFUL;
}
r4332: Fix a potential memleak. Volker (This used to be commit 8f2b9c9d320dbea197808081528477d7e4c816d1)
2004-12-23 00:20:12 +03:00
a_state->account_name = talloc_strdup(a_state, groupname);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
if (!a_state->account_name) {
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_GROUP);
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
if (!g_handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle->data = talloc_steal(g_handle, a_state);
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
*r->out.group_handle = g_handle->wire_handle;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
*r->out.rid = sid->sub_auths[sid->num_auths-1];
r605: Implement CreateDomainGroup, essentially cut&paste from CreateUser2. Volker (This used to be commit 59241c0c9aa2d64d66eb04e81aa5500681604061)
2004-05-09 15:21:46 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
/*
comparison function for sorting SamEntry array
*/
static int compare_SamEntry(struct samr_SamEntry *e1, struct samr_SamEntry *e2)
{
return e1->idx - e2->idx;
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_EnumDomainGroups
*/
static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
struct samr_EnumDomainGroups *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
int ldb_cnt, count, i, first;
struct samr_SamEntry *entries;
const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
*r->out.resume_handle = 0;
r->out.sam = NULL;
r->out.num_entries = 0;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
/* search for all domain groups in this domain. This could possibly be
cached and resumed based on resume_key */
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
d_state->domain_sid,
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
"(&(grouptype=%s)(objectclass=group))",
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_GLOBAL_GROUP));
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ldb_cnt == 0 || r->in.max_size == 0) {
return NT_STATUS_OK;
}
/* convert to SamEntry format */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt);
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
count = 0;
for (i=0;i<ldb_cnt;i++) {
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
struct dom_sid *group_sid;
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
group_sid = samdb_result_dom_sid(mem_ctx, res[i],
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
"objectSid");
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
if (group_sid == NULL)
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
continue;
entries[count].idx =
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
group_sid->sub_auths[group_sid->num_auths-1];
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
entries[count].name.string =
samdb_result_string(res[i], "sAMAccountName", "");
count += 1;
}
/* sort the results by rid */
qsort(entries, count, sizeof(struct samr_SamEntry),
(comparison_fn_t)compare_SamEntry);
/* find the first entry to return */
for (first=0;
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
if (first == count) {
return NT_STATUS_OK;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
r->out.num_entries = count - first;
r->out.num_entries = MIN(r->out.num_entries,
1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sam = talloc(mem_ctx, struct samr_SamArray);
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (!r->out.sam) {
return NT_STATUS_NO_MEMORY;
}
r->out.sam->entries = entries+first;
r->out.sam->count = r->out.num_entries;
if (r->out.num_entries < count - first) {
*r->out.resume_handle = entries[first+r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
/*
samr_CreateUser2
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
TODO: This should do some form of locking, especially around the rid allocation
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
*/
static NTSTATUS samr_CreateUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_CreateUser2 *r)
{
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
struct samr_domain_state *d_state;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *h;
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
const char *name;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
struct dom_sid *sid;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *account_name;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *u_handle;
int ret;
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
const char *container, *obj_class=NULL;
char *cn_name;
int cn_name_len;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.user_handle);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
*r->out.access_granted = 0;
*r->out.rid = 0;
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
d_state = h->data;
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
account_name = r->in.account_name->string;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
if (account_name == NULL) {
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
return NT_STATUS_INVALID_PARAMETER;
}
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
/* check if the user already exists */
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
"sAMAccountName",
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
"(&(sAMAccountName=%s)(objectclass=user))", account_name);
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
if (name != NULL) {
return NT_STATUS_USER_EXISTS;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
cn_name = talloc_strdup(mem_ctx, account_name);
NT_STATUS_HAVE_NO_MEMORY(cn_name);
cn_name_len = strlen(cn_name);
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
/* This must be one of these values *only* */
if (r->in.acct_flags == ACB_NORMAL) {
container = "Users";
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
obj_class = "user";
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
} else if (r->in.acct_flags == ACB_WSTRUST) {
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
if (cn_name[cn_name_len - 1] != '$') {
return NT_STATUS_FOOBAR;
}
cn_name[cn_name_len - 1] = '\0';
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
container = "Computers";
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
obj_class = "computer";
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
} else if (r->in.acct_flags == ACB_SVRTRUST) {
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
if (cn_name[cn_name_len - 1] != '$') {
return NT_STATUS_FOOBAR;
}
cn_name[cn_name_len - 1] = '\0';
r4320: fix locations of new trusting domains and domsin controller computer accounts metze (This used to be commit f75c2004a0fc889ce5d96790f7d1d5031bce3992)
2004-12-21 14:49:36 +03:00
container = "Domain Controllers";
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
obj_class = "computer";
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
} else if (r->in.acct_flags == ACB_DOMTRUST) {
r4320: fix locations of new trusting domains and domsin controller computer accounts metze (This used to be commit f75c2004a0fc889ce5d96790f7d1d5031bce3992)
2004-12-21 14:49:36 +03:00
container = "Users";
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
obj_class = "user";
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
} else {
return NT_STATUS_INVALID_PARAMETER;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
}
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
/* add core elements to the ldb_message for the user */
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=%s,%s", cn_name, container, d_state->domain_dn);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (!msg->dn) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", account_name);
r8370: remove the '$' from in the cn: attribute for computer and dc accounts metze (This used to be commit 206f33778e8ff88b5eea493ead31342cc4405a22)
2005-07-12 14:59:12 +04:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", obj_class);
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
/* create the user */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (ret != 0) {
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
DEBUG(0,("Failed to create user record %s\n", msg->dn));
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(d_state, struct samr_account_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!a_state) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
a_state->domain_state = talloc_reference(a_state, d_state);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
a_state->account_dn = talloc_steal(a_state, msg->dn);
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
/* retrieve the sid for the user just created */
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2005-07-17 13:20:52 +04:00
msg->dn, "objectSid", "dn=%s", msg->dn);
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
if (sid == NULL) {
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
return NT_STATUS_UNSUCCESSFUL;
}
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
a_state->account_name = talloc_strdup(a_state, account_name);
if (!a_state->account_name) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
u_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_USER);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (!u_handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
u_handle->data = talloc_steal(u_handle, a_state);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.user_handle = u_handle->wire_handle;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
*r->out.access_granted = 0xf07ff; /* TODO: fix access mask calculations */
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
*r->out.rid = sid->sub_auths[sid->num_auths-1];
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_OK;
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_CreateUser
*/
static NTSTATUS samr_CreateUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
struct samr_CreateUser *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
struct samr_CreateUser2 r2;
r1235: as the pidl code init all output data. we should do it manualy too. metze (This used to be commit d3b80fd40a07575c18593523070986b7aed6de92)
2004-06-24 04:25:38 +04:00
uint32_t access_granted = 0;
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
/* a simple wrapper around samr_CreateUser2 works nicely */
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
r2.in.domain_handle = r->in.domain_handle;
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
r2.in.account_name = r->in.account_name;
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
r2.in.acct_flags = ACB_NORMAL;
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
r2.in.access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
r2.out.user_handle = r->out.user_handle;
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
r2.out.access_granted = &access_granted;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2.out.rid = r->out.rid;
r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc (This used to be commit a3edd4bca8769cd804a5908286c7a18ca5c8fa00)
2004-05-06 11:32:51 +04:00
return samr_CreateUser2(dce_call, mem_ctx, &r2);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_EnumDomainUsers
*/
static NTSTATUS samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct samr_EnumDomainUsers *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_domain_state *d_state;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct ldb_message **res;
int count, i, first;
struct samr_SamEntry *entries;
const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
*r->out.resume_handle = 0;
r->out.sam = NULL;
r->out.num_entries = 0;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
d_state = h->data;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
/* search for all users in this domain. This could possibly be cached and
resumed based on resume_key */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs,
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
"objectclass=user");
if (count == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r595: nicer handling on max_size multiplier (This used to be commit 994baba7ebc267cb3051109aee022d71472aa6b6)
2004-05-09 04:42:09 +04:00
if (count == 0 || r->in.max_size == 0) {
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
return NT_STATUS_OK;
}
/* convert to SamEntry format */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entries = talloc_array(mem_ctx, struct samr_SamEntry, count);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<count;i++) {
entries[i].idx = samdb_result_rid_from_sid(mem_ctx, res[i], "objectSid", 0);
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
entries[i].name.string = samdb_result_string(res[i], "sAMAccountName", "");
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
}
/* sort the results by rid */
qsort(entries, count, sizeof(struct samr_SamEntry),
(comparison_fn_t)compare_SamEntry);
/* find the first entry to return */
for (first=0;
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
if (first == count) {
return NT_STATUS_OK;
}
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
r->out.num_entries = count - first;
r595: nicer handling on max_size multiplier (This used to be commit 994baba7ebc267cb3051109aee022d71472aa6b6)
2004-05-09 04:42:09 +04:00
r->out.num_entries = MIN(r->out.num_entries,
1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sam = talloc(mem_ctx, struct samr_SamArray);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
if (!r->out.sam) {
return NT_STATUS_NO_MEMORY;
}
r->out.sam->entries = entries+first;
r->out.sam->count = r->out.num_entries;
if (r->out.num_entries < count - first) {
*r->out.resume_handle = entries[first+r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_CreateDomAlias
*/
static NTSTATUS samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_CreateDomAlias *r)
{
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *alias_name, *name;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
struct dom_sid *sid;
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
struct dcesrv_handle *a_handle;
int ret;
ZERO_STRUCTP(r->out.alias_handle);
*r->out.rid = 0;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
alias_name = r->in.alias_name->string;
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
if (alias_name == NULL) {
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
return NT_STATUS_INVALID_PARAMETER;
}
/* Check if alias already exists */
name = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"sAMAccountName",
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
"(sAMAccountName=%s)(objectclass=group))",
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
alias_name);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
if (name != NULL) {
return NT_STATUS_ALIAS_EXISTS;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
/* add core elements to the ldb_message for the alias */
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", alias_name,
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
d_state->domain_dn);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (!msg->dn) {
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
return NT_STATUS_NO_MEMORY;
}
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", alias_name);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", "group");
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "groupType", "0x80000004");
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
/* create the alias */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
if (ret != 0) {
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
DEBUG(0,("Failed to create alias record %s\n", msg->dn));
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(d_state, struct samr_account_state);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
if (!a_state) {
return NT_STATUS_NO_MEMORY;
}
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
a_state->domain_state = talloc_reference(a_state, d_state);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
a_state->account_dn = talloc_steal(a_state, msg->dn);
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
/* retrieve the sid for the alias just created */
sid = samdb_search_dom_sid(d_state->sam_ctx, a_state,
r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2005-07-17 13:20:52 +04:00
msg->dn, "objectSid", "dn=%s", msg->dn);
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
a_state->account_name = talloc_strdup(a_state, alias_name);
r4344: Unify memory handling in dcerpc_samr.c a bit (This used to be commit 79ec28ade826c6a36e129abbe1e0a207074c676f)
2004-12-23 15:02:55 +03:00
if (!a_state->account_name) {
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
a_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_ALIAS);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
if (a_handle == NULL)
return NT_STATUS_NO_MEMORY;
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
a_handle->data = talloc_steal(a_handle, a_state);
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
*r->out.alias_handle = a_handle->wire_handle;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
*r->out.rid = sid->sub_auths[sid->num_auths-1];
r4335: Fix some potential memleaks, implement CreateDomAlias. Hmmmm. Isn't there enough stuff to do in 3_0??? ;-) Volker (This used to be commit c0fa7a92d9f602dc50801a9827e121c2b095a336)
2004-12-23 01:19:54 +03:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_EnumDomainAliases
*/
static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_EnumDomainAliases *r)
{
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
int ldb_cnt, count, i, first;
struct samr_SamEntry *entries;
const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL };
*r->out.resume_handle = 0;
r->out.sam = NULL;
r->out.num_entries = 0;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
/* search for all domain groups in this domain. This could possibly be
cached and resumed based on resume_key */
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
&res, attrs,
d_state->domain_sid,
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
"(&(|(grouptype=%s)(grouptype=%s)))"
"(objectclass=group))",
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ldb_cnt == 0) {
return NT_STATUS_OK;
}
/* convert to SamEntry format */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entries = talloc_array(mem_ctx, struct samr_SamEntry, ldb_cnt);
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
count = 0;
for (i=0;i<ldb_cnt;i++) {
struct dom_sid *alias_sid;
alias_sid = samdb_result_dom_sid(mem_ctx, res[i],
"objectSid");
if (alias_sid == NULL)
continue;
entries[count].idx =
alias_sid->sub_auths[alias_sid->num_auths-1];
entries[count].name.string =
samdb_result_string(res[i], "sAMAccountName", "");
count += 1;
}
/* sort the results by rid */
qsort(entries, count, sizeof(struct samr_SamEntry),
(comparison_fn_t)compare_SamEntry);
/* find the first entry to return */
for (first=0;
first<count && entries[first].idx <= *r->in.resume_handle;
first++) ;
if (first == count) {
return NT_STATUS_OK;
}
r->out.num_entries = count - first;
r->out.num_entries = MIN(r->out.num_entries, 1000);
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.sam = talloc(mem_ctx, struct samr_SamArray);
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
if (!r->out.sam) {
return NT_STATUS_NO_MEMORY;
}
r->out.sam->entries = entries+first;
r->out.sam->count = r->out.num_entries;
if (r->out.num_entries < count - first) {
*r->out.resume_handle =
entries[first+r->out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetAliasMembership
*/
static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetAliasMembership *r)
{
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
int i, count = 0;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
if (r->in.sids->num_sids > 0) {
const char *filter;
const char * const attrs[2] = { "objectSid", NULL };
filter = talloc_asprintf(mem_ctx,
"(&(|(grouptype=%s)(grouptype=%s))"
"(objectclass=group)(|",
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
if (filter == NULL)
return NT_STATUS_NO_MEMORY;
for (i=0; i<r->in.sids->num_sids; i++) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *memberdn;
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
memberdn =
samdb_search_string(d_state->sam_ctx,
mem_ctx, NULL, "dn",
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx,
r->in.sids->sids[i].sid));
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (memberdn == NULL)
continue;
filter = talloc_asprintf(mem_ctx, "%s(member=%s)",
filter, memberdn);
if (filter == NULL)
return NT_STATUS_NO_MEMORY;
}
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
d_state->domain_sid, "%s))", filter);
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r->out.rids->count = 0;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.rids->ids = talloc_array(mem_ctx, uint32_t, count);
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (r->out.rids->ids == NULL)
return NT_STATUS_NO_MEMORY;
for (i=0; i<count; i++) {
struct dom_sid *alias_sid;
alias_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
if (alias_sid == NULL) {
DEBUG(0, ("Could not find objectSid\n"));
continue;
}
r->out.rids->ids[r->out.rids->count] =
alias_sid->sub_auths[alias_sid->num_auths-1];
r->out.rids->count += 1;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_LookupNames
*/
static NTSTATUS samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct samr_LookupNames *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_domain_state *d_state;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
int i;
NTSTATUS status = NT_STATUS_OK;
const char * const attrs[] = { "sAMAccountType", "objectSid", NULL };
int count;
ZERO_STRUCT(r->out.rids);
ZERO_STRUCT(r->out.types);
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
d_state = h->data;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (r->in.num_names == 0) {
return NT_STATUS_OK;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.rids.ids = talloc_array(mem_ctx, uint32_t, r->in.num_names);
r->out.types.ids = talloc_array(mem_ctx, uint32_t, r->in.num_names);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (!r->out.rids.ids || !r->out.types.ids) {
return NT_STATUS_NO_MEMORY;
}
r->out.rids.count = r->in.num_names;
r->out.types.count = r->in.num_names;
for (i=0;i<r->in.num_names;i++) {
struct ldb_message **res;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
struct dom_sid *sid;
r884: convert samba4 to use [u]int32_t instead of [u]int32 metze (This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
2004-05-25 20:24:13 +04:00
uint32_t atype, rtype;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r->out.rids.ids[i] = 0;
r->out.types.ids[i] = SID_NAME_UNKNOWN;
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs,
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
"sAMAccountName=%s", r->in.names[i].string);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (count != 1) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = samdb_result_dom_sid(mem_ctx, res[0], "objectSid");
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (sid == NULL) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
if (atype == 0) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
2004-05-15 11:51:38 +04:00
rtype = samdb_atype_map(atype);
if (rtype == SID_NAME_UNKNOWN) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
status = STATUS_SOME_UNMAPPED;
continue;
}
r->out.rids.ids[i] = sid->sub_auths[sid->num_auths-1];
r->out.types.ids[i] = rtype;
}
return status;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_LookupRids
*/
static NTSTATUS samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_LookupRids *r)
{
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
int i, total;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
NTSTATUS status = NT_STATUS_OK;
r8232: remove samr_String and netr_String as they are the same as lsa_String metze (This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
2005-07-08 12:09:02 +04:00
struct lsa_String *names;
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
uint32_t *ids;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
ZERO_STRUCT(r->out.names);
ZERO_STRUCT(r->out.types);
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
if (r->in.num_rids == 0)
return NT_STATUS_OK;
r8232: remove samr_String and netr_String as they are the same as lsa_String metze (This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
2005-07-08 12:09:02 +04:00
names = talloc_array(mem_ctx, struct lsa_String, r->in.num_rids);
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
ids = talloc_array(mem_ctx, uint32_t, r->in.num_rids);
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
if ((names == NULL) || (ids == NULL))
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
return NT_STATUS_NO_MEMORY;
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
total = 0;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
for (i=0; i<r->in.num_rids; i++) {
struct ldb_message **res;
int count;
const char * const attrs[] = { "sAMAccountType",
"sAMAccountName", NULL };
uint32_t atype;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
struct dom_sid *sid;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
ids[i] = SID_NAME_UNKNOWN;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rids[i]);
if (sid == NULL) {
names[i].string = NULL;
status = STATUS_SOME_UNMAPPED;
continue;
}
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
count = gendb_search(d_state->sam_ctx, mem_ctx,
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
d_state->domain_dn, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
"(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, sid));
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
if (count != 1) {
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
names[i].string = NULL;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
status = STATUS_SOME_UNMAPPED;
continue;
}
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
names[i].string = samdb_result_string(res[0], "sAMAccountName",
NULL);
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
atype = samdb_result_uint(res[0], "sAMAccountType", 0);
if (atype == 0) {
status = STATUS_SOME_UNMAPPED;
continue;
}
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
ids[i] = samdb_atype_map(atype);
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
if (ids[i] == SID_NAME_UNKNOWN) {
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
status = STATUS_SOME_UNMAPPED;
continue;
}
}
r4374: Follow metzes hint, change LookupRids a bit (This used to be commit b8fa5b9419c6397a4266bfdce3a31b1e016d7faa)
2004-12-27 12:48:49 +03:00
r->out.names.names = names;
r->out.names.count = r->in.num_rids;
r->out.types.ids = ids;
r->out.types.count = r->in.num_rids;
r4372: Implement samr_LookupRids (This used to be commit 1bab3254f6a27144c6f76edf66573f7fa25b3173)
2004-12-27 02:31:19 +03:00
return status;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_OpenGroup
*/
static NTSTATUS samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenGroup *r)
{
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct samr_domain_state *d_state;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct dcesrv_handle *h;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *groupname;
struct dom_sid *sid;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct ldb_message **msgs;
struct dcesrv_handle *g_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
int ret;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.group_handle);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
d_state = h->data;
/* form the group SID */
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
if (!sid) {
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY;
}
/* search for the group record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx,
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
mem_ctx, d_state->domain_dn, &msgs, attrs,
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
"(&(objectSid=%s)(objectclass=group)"
"(grouptype=%s))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, sid),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_GLOBAL_GROUP));
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (ret == 0) {
return NT_STATUS_NO_SUCH_GROUP;
}
if (ret != 1) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, sid)));
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
groupname = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (groupname == NULL) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(d_state, struct samr_account_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!a_state) {
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY;
}
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
a_state->domain_state = talloc_reference(a_state, d_state);
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
a_state->account_sid = talloc_steal(a_state, sid);
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
a_state->account_name = talloc_strdup(a_state, groupname);
r4344: Unify memory handling in dcerpc_samr.c a bit (This used to be commit 79ec28ade826c6a36e129abbe1e0a207074c676f)
2004-12-23 15:02:55 +03:00
if (!a_state->account_name) {
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_GROUP);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (!g_handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle->data = talloc_steal(g_handle, a_state);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.group_handle = g_handle->wire_handle;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
/* these query macros make samr_Query[User|Group]Info a bit easier to read */
#define QUERY_STRING(msg, field, attr) \
r->out.info->field = samdb_result_string(msg, attr, "");
#define QUERY_UINT(msg, field, attr) \
r->out.info->field = samdb_result_uint(msg, attr, 0);
#define QUERY_RID(msg, field, attr) \
r->out.info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0);
#define QUERY_NTTIME(msg, field, attr) \
r->out.info->field = samdb_result_nttime(msg, attr, 0);
#define QUERY_APASSC(msg, field, attr) \
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
r->out.info->field = samdb_result_allow_password_change(a_state->sam_ctx, mem_ctx, \
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->domain_state->domain_dn, msg, attr);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
#define QUERY_FPASSC(msg, field, attr) \
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
r->out.info->field = samdb_result_force_password_change(a_state->sam_ctx, mem_ctx, \
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->domain_state->domain_dn, msg, attr);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
#define QUERY_LHOURS(msg, field, attr) \
r->out.info->field = samdb_result_logon_hours(mem_ctx, msg, attr);
#define QUERY_AFLAGS(msg, field, attr) \
r->out.info->field = samdb_result_acct_flags(msg, attr);
/* these are used to make the Set[User|Group]Info code easier to follow */
#define SET_STRING(mod, field, attr) do { \
if (r->in.info->field == NULL) return NT_STATUS_INVALID_PARAMETER; \
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (samdb_msg_add_string(a_state->sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY; \
} \
} while (0)
#define SET_UINT(mod, field, attr) do { \
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (samdb_msg_add_uint(a_state->sam_ctx, mem_ctx, mod, attr, r->in.info->field) != 0) { \
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY; \
} \
} while (0)
#define SET_AFLAGS(msg, field, attr) do { \
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (samdb_msg_add_acct_flags(a_state->sam_ctx, mem_ctx, msg, attr, r->in.info->field) != 0) { \
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY; \
} \
} while (0)
#define SET_LHOURS(msg, field, attr) do { \
r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2004-11-02 05:57:18 +03:00
if (samdb_msg_add_logon_hours(a_state->sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != 0) { \
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY; \
} \
} while (0)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_QueryGroupInfo
*/
static NTSTATUS samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryGroupInfo *r)
{
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct ldb_message *msg, **res;
const char * const attrs[4] = { "sAMAccountName", "description",
"numMembers", NULL };
int ret;
r->out.info = NULL;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
/* pull all the group attributes */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
a_state->account_dn, &res, attrs);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg = res[0];
/* allocate the info structure */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.info = talloc(mem_ctx, union samr_GroupInfo);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (r->out.info == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
/* Fill in the level */
switch (r->in.level) {
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFOALL:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, all.name.string, "sAMAccountName");
r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC. Andrew Bartlett (This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
2004-11-17 16:39:37 +03:00
r->out.info->all.attributes = 7; /* Do like w2k3 */
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
QUERY_UINT (msg, all.num_members, "numMembers")
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, all.description.string, "description");
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFONAME:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, name.string, "sAMAccountName");
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFOX:
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r->out.info->unknown.unknown = 7;
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFODESCRIPTION:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, description.string, "description");
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
break;
default:
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetGroupInfo
*/
static NTSTATUS samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct samr_SetGroupInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r812: added a new samdb_replace() call that simplifies the code in the main samr server a bit. (This used to be commit 255d6e77e705bb7a94e6738c9f48f9d8c625883c)
2004-05-22 04:53:57 +04:00
int ret;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
msg->dn = talloc_strdup(mem_ctx, a_state->account_dn);
if (!msg->dn) {
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFODESCRIPTION:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, description.string, "description");
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFONAME:
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
/* On W2k3 this does not change the name, it changes the
* sAMAccountName attribute */
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, name.string, "sAMAccountName");
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case GROUPINFOX:
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
/* This does not do anything obviously visible in W2k3 LDAP */
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
/* modify the samdb record */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_AddGroupMember
*/
static NTSTATUS samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddGroupMember *r)
{
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *mod;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
struct dom_sid *membersid;
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
const char *memberdn;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
int ret;
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
a_state = h->data;
d_state = a_state->domain_state;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
if (membersid == NULL)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
return NT_STATUS_NO_MEMORY;
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
&msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, membersid));
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
if (ret == 0)
return NT_STATUS_NO_SUCH_USER;
if (ret > 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
memberdn = samdb_result_string(msgs[0], "dn", NULL);
if (memberdn == NULL)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod = ldb_msg_new(mem_ctx);
if (mod == NULL) {
return NT_STATUS_NO_MEMORY;
}
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_DeleteDomainGroup
*/
static NTSTATUS samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteDomainGroup *r)
{
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
int ret;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.group_handle = *r->in.group_handle;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.group_handle);
r615: Implement samr_OpenGroup, samr_QueryGroupInfo, samr_SetGroupInfo, samr_DeleteDomainGroup. I've added the hidden attribute numMembers that must be maintained by Add/DelGroupMember for the GroupInfoAll query. Volker (This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
2004-05-09 19:39:12 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_DeleteGroupMember
*/
static NTSTATUS samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteGroupMember *r)
{
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *mod;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
struct dom_sid *membersid;
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
const char *memberdn;
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
int ret;
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
a_state = h->data;
d_state = a_state->domain_state;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
membersid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
if (membersid == NULL)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
return NT_STATUS_NO_MEMORY;
/* In native mode, AD can also nest domain groups. Not sure yet
* whether this is also available via RPC. */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn,
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
&msgs, attrs, "(&(objectSid=%s)(objectclass=user))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, membersid));
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
if (ret == 0)
return NT_STATUS_NO_SUCH_USER;
if (ret > 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
memberdn = samdb_result_string(msgs[0], "dn", NULL);
if (memberdn == NULL)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod = ldb_msg_new(mem_ctx);
if (mod == NULL) {
return NT_STATUS_NO_MEMORY;
}
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryGroupMember
*/
static NTSTATUS samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryGroupMember *r)
{
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_message **res;
struct ldb_message_element *el;
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
struct samr_RidTypeArray *array;
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
const char * const attrs[2] = { "member", NULL };
int ret;
DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP);
a_state = h->data;
/* pull the member attribute */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
a_state->account_dn, &res, attrs);
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
array = talloc(mem_ctx, struct samr_RidTypeArray);
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
if (array == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(array);
el = ldb_msg_find_element(res[0], "member");
if (el != NULL) {
int i;
array->count = el->num_values;
r5298: - got rid of pstring.h from includes.h. This at least makes it a bit less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2005-02-10 08:09:35 +03:00
array->rids = talloc_array(mem_ctx, uint32_t,
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
el->num_values);
if (array->rids == NULL)
return NT_STATUS_NO_MEMORY;
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
array->types = talloc_array(mem_ctx, uint32_t,
el->num_values);
if (array->types == NULL)
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
return NT_STATUS_NO_MEMORY;
for (i=0; i<el->num_values; i++) {
struct ldb_message **res2;
const char * const attrs2[2] = { "objectSid", NULL };
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
(char *)el->values[i].data,
&res2, attrs2);
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
array->rids[i] =
samdb_result_rid_from_sid(mem_ctx, res2[0],
"objectSid", 0);
if (array->rids[i] == 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
array->types[i] = 7; /* RID type of some kind, not sure what the value means. */
r4367: Implement samr_AddGroupMember, samr_DeleteGroupMember and samr_QueryGroupMember. Volker (This used to be commit 43581c3711d2eeb901094acebea294a3b87d4c0b)
2004-12-26 21:02:18 +03:00
}
}
r->out.rids = array;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetMemberAttributesOfGroup
*/
static NTSTATUS samr_SetMemberAttributesOfGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetMemberAttributesOfGroup *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_OpenAlias
*/
static NTSTATUS samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_OpenAlias *r)
{
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
struct samr_domain_state *d_state;
struct samr_account_state *a_state;
struct dcesrv_handle *h;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *alias_name;
struct dom_sid *sid;
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
struct ldb_message **msgs;
struct dcesrv_handle *g_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
int ret;
ZERO_STRUCTP(r->out.alias_handle);
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
/* form the alias SID */
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
if (sid == NULL)
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
return NT_STATUS_NO_MEMORY;
/* search for the group record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx,
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
mem_ctx, d_state->domain_dn, &msgs, attrs,
"(&(objectSid=%s)(objectclass=group)"
"(|(grouptype=%s)(grouptype=%s)))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, sid),
r4378: Implement samr_EnumDomainGroups and samr_EnumDomainAliases. Hmmm. How do I tell ldb not to descend into cn=Builtin? Volker (This used to be commit c95d20cd7c18fbfb5e6e9a5efac07354117610c5)
2004-12-28 10:57:31 +03:00
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (ret == 0) {
return NT_STATUS_NO_SUCH_ALIAS;
}
if (ret != 1) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, sid)));
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
alias_name = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (alias_name == NULL) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(d_state, struct samr_account_state);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (!a_state) {
return NT_STATUS_NO_MEMORY;
}
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
a_state->domain_state = talloc_reference(a_state, d_state);
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
a_state->account_sid = talloc_steal(a_state, sid);
r6325: Rename aliasname -> alias_name in CreateDomAlias function. (This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
2005-04-13 10:26:43 +04:00
a_state->account_name = talloc_strdup(a_state, alias_name);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (!a_state->account_name) {
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_ALIAS);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (!g_handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
g_handle->data = talloc_steal(g_handle, a_state);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
*r->out.alias_handle = g_handle->wire_handle;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryAliasInfo
*/
static NTSTATUS samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryAliasInfo *r)
{
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct ldb_message *msg, **res;
const char * const attrs[4] = { "sAMAccountName", "description",
"numMembers", NULL };
int ret;
r->out.info = NULL;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
/* pull all the alias attributes */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
a_state->account_dn ,&res, attrs);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg = res[0];
/* allocate the info structure */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.info = talloc(mem_ctx, union samr_AliasInfo);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (r->out.info == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
switch(r->in.level) {
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case ALIASINFOALL:
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
QUERY_STRING(msg, all.name.string, "sAMAccountName");
QUERY_UINT (msg, all.num_members, "numMembers");
QUERY_STRING(msg, all.description.string, "description");
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case ALIASINFONAME:
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
QUERY_STRING(msg, name.string, "sAMAccountName");
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case ALIASINFODESCRIPTION:
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
QUERY_STRING(msg, description.string, "description");
break;
default:
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetAliasInfo
*/
static NTSTATUS samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetAliasInfo *r)
{
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
int ret;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
msg->dn = talloc_strdup(mem_ctx, a_state->account_dn);
if (!msg->dn) {
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case ALIASINFODESCRIPTION:
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
SET_STRING(msg, description.string, "description");
break;
r5080: patch from ronnie to make our samr IDL a little more consistent (This used to be commit 7607ddda3f221bd5a68d28c0eae297569fbb58b1)
2005-01-29 05:46:37 +03:00
case ALIASINFONAME:
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
/* On W2k3 this does not change the name, it changes the
* sAMAccountName attribute */
SET_STRING(msg, name.string, "sAMAccountName");
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
/* modify the samdb record */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
r4375: Implement samr_OpenAlias, samr_QueryAliasInfo and samr_SetAliasInfo. Fix IDL for samr_SetAliasInfo. Volker (This used to be commit d70e2371903fb21e24ab2e23d04ee4b0b2ef55e5)
2004-12-27 14:27:30 +03:00
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_DeleteDomAlias
*/
static NTSTATUS samr_DeleteDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteDomAlias *r)
{
r6084: - Introduce the samldb module dependency on samba4 - This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2005-03-28 03:31:43 +04:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
int ret;
*r->out.alias_handle = *r->in.alias_handle;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
ZERO_STRUCTP(r->out.alias_handle);
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_AddAliasMember
*/
static NTSTATUS samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddAliasMember *r)
{
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *mod;
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
struct ldb_message **msgs;
const char * const attrs[2] = { "dn", NULL };
const char *memberdn = NULL;
int ret;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
d_state = a_state->domain_state;
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
&msgs, attrs, "(objectsid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
if (ret == 1) {
memberdn = ldb_msg_find_string(msgs[0], "dn", NULL);
} else if (ret > 1) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("Found %d records matching sid %s\n",
ret, dom_sid_string(mem_ctx, r->in.sid)));
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else if (ret == 0) {
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r8670: Remove GUID code from SAMR, it is handled lower down now. I notice this code also does string SIDs, but I'm not quite sure where that fits in. Andrew Bartlett (This used to be commit 968bcc4fe8142319ca0a2ac9e3a895b5436b4552)
2005-07-21 12:34:54 +04:00
const char *basedn, *sidstr;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sidstr = dom_sid_string(mem_ctx, r->in.sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
/* We might have to create a ForeignSecurityPrincipal, but
* only if it's not our own domain */
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
if (dom_sid_in_domain(d_state->domain_sid, r->in.sid))
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
/* TODO: Hmmm. This feels wrong. How do I find the base dn to
* put the ForeignSecurityPrincipals? d_state->domain_dn does
* not work, this is wrong for the Builtin domain, there's no
* cn=For...,cn=Builtin,dc={BASEDN}. -- vl
*/
basedn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
"dn",
"(&(objectClass=container)"
"(cn=ForeignSecurityPrincipals))");
if (basedn == NULL) {
DEBUG(0, ("Failed to find DN for "
"ForeignSecurityPrincipal container\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* add core elements to the ldb_message for the alias */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg->dn = talloc_asprintf(mem_ctx, "CN=%s,%s", sidstr, basedn);
if (msg->dn == NULL)
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_NO_MEMORY;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
memberdn = msg->dn;
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg,
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
"objectClass",
"foreignSecurityPrincipal");
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
/* create the alias */
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
ret = samdb_add(d_state->sam_ctx, mem_ctx, msg);
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
if (ret != 0) {
DEBUG(0,("Failed to create foreignSecurityPrincipal "
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
"record %s\n", msg->dn));
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
DEBUG(0, ("samdb_search returned %d\n", ret));
}
if (memberdn == NULL) {
DEBUG(0, ("Could not find memberdn\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod = ldb_msg_new(mem_ctx);
if (mod == NULL) {
return NT_STATUS_NO_MEMORY;
}
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_msg_add_addval(d_state->sam_ctx, mem_ctx, mod, "member",
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_DeleteAliasMember
*/
static NTSTATUS samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_DeleteAliasMember *r)
{
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *mod;
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
const char *memberdn;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
d_state = a_state->domain_state;
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
"dn", "(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
if (memberdn == NULL)
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod = ldb_msg_new(mem_ctx);
if (mod == NULL) {
return NT_STATUS_NO_MEMORY;
}
mod->dn = talloc_reference(mem_ctx, a_state->account_dn);
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod, "member",
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
memberdn) != 0)
return NT_STATUS_UNSUCCESSFUL;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_modify(a_state->sam_ctx, mem_ctx, mod) != 0)
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
return NT_STATUS_UNSUCCESSFUL;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetMembersInAlias
*/
static NTSTATUS samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetMembersInAlias *r)
{
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
struct ldb_message **msgs;
struct lsa_SidPtr *sids;
struct ldb_message_element *el;
const char * const attrs[2] = { "member", NULL};
int ret;
DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS);
a_state = h->data;
d_state = a_state->domain_state;
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(d_state->sam_ctx, mem_ctx,
a_state->account_dn, &msgs, attrs);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r4393: Trivial bugfix for a silly bug (This used to be commit ae3c329e9d718cdc011f8f291ccc68abad6b9cc7)
2004-12-29 16:22:00 +03:00
r->out.sids->num_sids = 0;
r->out.sids->sids = NULL;
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
el = ldb_msg_find_element(msgs[0], "member");
if (el != NULL) {
int i;
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
sids = talloc_array(mem_ctx, struct lsa_SidPtr,
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
el->num_values);
if (sids == NULL)
return NT_STATUS_NO_MEMORY;
for (i=0; i<el->num_values; i++) {
struct ldb_message **msgs2;
const char * const attrs2[2] = { "objectSid", NULL };
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
(char *)el->values[i].data,
&msgs2, attrs2);
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
if (ret != 1)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
sids[i].sid = samdb_result_dom_sid(mem_ctx, msgs2[0],
"objectSid");
if (sids[i].sid == NULL)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r4393: Trivial bugfix for a silly bug (This used to be commit ae3c329e9d718cdc011f8f291ccc68abad6b9cc7)
2004-12-29 16:22:00 +03:00
r->out.sids->num_sids = el->num_values;
r->out.sids->sids = sids;
r4376: Implement samr_AddAliasMember, samr_DeleteAliasMember and samr_GetMembersInAlias. Volker (This used to be commit 78802720ae922cf8ad19bf2e8be23a64435c4673)
2004-12-28 01:20:17 +03:00
}
return NT_STATUS_OK;
}
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_OpenUser
*/
static NTSTATUS samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct samr_OpenUser *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct samr_domain_state *d_state;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *h;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *account_name;
struct dom_sid *sid;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct ldb_message **msgs;
struct dcesrv_handle *u_handle;
const char * const attrs[2] = { "sAMAccountName", NULL };
int ret;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.user_handle);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
d_state = h->data;
/* form the users SID */
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid);
if (!sid) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
/* search for the user record */
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(d_state->sam_ctx,
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
mem_ctx, d_state->domain_dn, &msgs, attrs,
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
"(&(objectSid=%s)(objectclass=user))",
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
ldap_encode_ndr_dom_sid(mem_ctx, sid));
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (ret == 0) {
return NT_STATUS_NO_SUCH_USER;
}
if (ret != 1) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("Found %d records matching sid %s\n", ret,
dom_sid_string(mem_ctx, sid)));
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r1025: Rename (across the samr and netlogon pipes, so far) pwd -> password passwd -> password username -> account_name Also work on consistant structure feild names between these two pipes, and fix up some callers to use samr_Password for the netlogon credential code. Andrew Bartlett (This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
2004-06-05 07:22:10 +04:00
account_name = samdb_result_string(msgs[0], "sAMAccountName", NULL);
if (account_name == NULL) {
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
DEBUG(0,("sAMAccountName field missing for sid %s\n",
dom_sid_string(mem_ctx, sid)));
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
a_state = talloc(mem_ctx, struct samr_account_state);
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
if (!a_state) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state->sam_ctx = d_state->sam_ctx;
a_state->access_mask = r->in.access_mask;
r2675: added a convenience function void *talloc_reference(const void *context, const void *ptr); this function makes a secondary reference to ptr, and hangs it off the given context. This greatly simplifies some of the current reference counting code in the samr server and I suspect it will be widely used in other places too. the way you use it is like this: domain_state->connect_state = talloc_reference(domain_state, connect_state); that makes the element connect_state of domain_state a secondary reference to connect_state. The connect_state structure will then only be freed when both domain_state and the original connect_state go away, allowing you to free them independently and in any order. you could do this alrady using a talloc destructor, and that is what the samr server did previously, but that meant this construct was being reinvented in several places. So this convenience function sets up the destructor for you, giving a much more convenient and less error prone API. (This used to be commit dc5315086156644fad093cbe6b02d999adba8540)
2004-09-27 09:13:00 +04:00
a_state->domain_state = talloc_reference(a_state, d_state);
r4344: Unify memory handling in dcerpc_samr.c a bit (This used to be commit 79ec28ade826c6a36e129abbe1e0a207074c676f)
2004-12-23 15:02:55 +03:00
a_state->account_dn = talloc_steal(a_state, msgs[0]->dn);
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
a_state->account_sid = talloc_steal(a_state, sid);
r4344: Unify memory handling in dcerpc_samr.c a bit (This used to be commit 79ec28ade826c6a36e129abbe1e0a207074c676f)
2004-12-23 15:02:55 +03:00
a_state->account_name = talloc_strdup(a_state, account_name);
if (!a_state->account_name) {
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_NO_MEMORY;
}
/* create the policy handle */
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
u_handle = dcesrv_handle_new(dce_call->context, SAMR_HANDLE_USER);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (!u_handle) {
return NT_STATUS_NO_MEMORY;
}
r4640: first stage in the server side support for multiple context_ids on one pipe this stage does the following: - simplifies the dcerpc_handle handling, and all the callers of it - split out the context_id depenent state into a linked list of established contexts - fixed some talloc handling in several rpc servers that i noticed while doing the above (This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
2005-01-10 15:15:26 +03:00
u_handle->data = talloc_steal(u_handle, a_state);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.user_handle = u_handle->wire_handle;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_DeleteUser
*/
static NTSTATUS samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct samr_DeleteUser *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
int ret;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
*r->out.user_handle = *r->in.user_handle;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
ret = samdb_delete(a_state->sam_ctx, mem_ctx, a_state->account_dn);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
if (ret != 0) {
return NT_STATUS_UNSUCCESSFUL;
}
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
ZERO_STRUCTP(r->out.user_handle);
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryUserInfo
*/
static NTSTATUS samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct samr_QueryUserInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct ldb_message *msg, **res;
int ret;
r->out.info = NULL;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
/* pull all the user attributes */
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
ret = gendb_search_dn(a_state->sam_ctx, mem_ctx,
a_state->account_dn ,&res, NULL);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
msg = res[0];
/* allocate the info structure */
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
r->out.info = talloc(mem_ctx, union samr_UserInfo);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
if (r->out.info == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(r->out.info);
/* fill in the reply */
switch (r->in.level) {
case 1:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info1.account_name.string, "sAMAccountName");
QUERY_STRING(msg, info1.full_name.string, "displayName");
QUERY_UINT (msg, info1.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info1.description.string, "description");
QUERY_STRING(msg, info1.comment.string, "comment");
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
break;
case 2:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info2.comment.string, "comment");
QUERY_UINT (msg, info2.country_code, "countryCode");
QUERY_UINT (msg, info2.code_page, "codePage");
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
break;
case 3:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info3.account_name.string, "sAMAccountName");
QUERY_STRING(msg, info3.full_name.string, "displayName");
QUERY_RID (msg, info3.rid, "objectSid");
QUERY_UINT (msg, info3.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info3.home_directory.string, "homeDirectory");
QUERY_STRING(msg, info3.home_drive.string, "homeDrive");
QUERY_STRING(msg, info3.logon_script.string, "scriptPath");
QUERY_STRING(msg, info3.profile_path.string, "profilePath");
QUERY_STRING(msg, info3.workstations.string, "userWorkstations");
QUERY_NTTIME(msg, info3.last_logon, "lastLogon");
QUERY_NTTIME(msg, info3.last_logoff, "lastLogoff");
QUERY_NTTIME(msg, info3.last_password_change, "pwdLastSet");
QUERY_APASSC(msg, info3.allow_password_change, "pwdLastSet");
QUERY_FPASSC(msg, info3.force_password_change, "pwdLastSet");
QUERY_LHOURS(msg, info3.logon_hours, "logonHours");
QUERY_UINT (msg, info3.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info3.logon_count, "logonCount");
QUERY_AFLAGS(msg, info3.acct_flags, "userAccountControl");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 4:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_LHOURS(msg, info4.logon_hours, "logonHours");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 5:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info5.account_name.string, "sAMAccountName");
QUERY_STRING(msg, info5.full_name.string, "displayName");
QUERY_RID (msg, info5.rid, "objectSid");
QUERY_UINT (msg, info5.primary_gid, "primaryGroupID");
QUERY_STRING(msg, info5.home_directory.string, "homeDirectory");
QUERY_STRING(msg, info5.home_drive.string, "homeDrive");
QUERY_STRING(msg, info5.logon_script.string, "scriptPath");
QUERY_STRING(msg, info5.profile_path.string, "profilePath");
QUERY_STRING(msg, info5.description.string, "description");
QUERY_STRING(msg, info5.workstations.string, "userWorkstations");
QUERY_NTTIME(msg, info5.last_logon, "lastLogon");
QUERY_NTTIME(msg, info5.last_logoff, "lastLogoff");
QUERY_LHOURS(msg, info5.logon_hours, "logonHours");
QUERY_UINT (msg, info5.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info5.logon_count, "logonCount");
QUERY_NTTIME(msg, info5.last_password_change, "pwdLastSet");
QUERY_NTTIME(msg, info5.acct_expiry, "accountExpires");
QUERY_AFLAGS(msg, info5.acct_flags, "userAccountControl");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 6:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info6.account_name.string, "sAMAccountName");
QUERY_STRING(msg, info6.full_name.string, "displayName");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 7:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info7.account_name.string, "sAMAccountName");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 8:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info8.full_name.string, "displayName");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 9:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_UINT (msg, info9.primary_gid, "primaryGroupID");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 10:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info10.home_directory.string,"homeDirectory");
QUERY_STRING(msg, info10.home_drive.string, "homeDrive");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 11:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info11.logon_script.string, "scriptPath");
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
break;
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
case 12:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info12.profile_path.string, "profilePath");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 13:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info13.description.string, "description");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 14:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info14.workstations.string, "userWorkstations");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 16:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_AFLAGS(msg, info16.acct_flags, "userAccountControl");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 17:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_NTTIME(msg, info17.acct_expiry, "accountExpires");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
case 20:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info20.parameters.string, "userParameters");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 21:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_NTTIME(msg, info21.last_logon, "lastLogon");
QUERY_NTTIME(msg, info21.last_logoff, "lastLogoff");
QUERY_NTTIME(msg, info21.last_password_change, "pwdLastSet");
QUERY_NTTIME(msg, info21.acct_expiry, "accountExpires");
r1028: More consistancy fixes, which should also fix the build. Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2004-06-05 08:32:50 +04:00
QUERY_APASSC(msg, info21.allow_password_change,"pwdLastSet");
QUERY_FPASSC(msg, info21.force_password_change,"pwdLastSet");
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_STRING(msg, info21.account_name.string, "sAMAccountName");
QUERY_STRING(msg, info21.full_name.string, "displayName");
QUERY_STRING(msg, info21.home_directory.string,"homeDirectory");
QUERY_STRING(msg, info21.home_drive.string, "homeDrive");
QUERY_STRING(msg, info21.logon_script.string, "scriptPath");
QUERY_STRING(msg, info21.profile_path.string, "profilePath");
QUERY_STRING(msg, info21.description.string, "description");
QUERY_STRING(msg, info21.workstations.string, "userWorkstations");
QUERY_STRING(msg, info21.comment.string, "comment");
QUERY_STRING(msg, info21.parameters.string, "userParameters");
QUERY_RID (msg, info21.rid, "objectSid");
QUERY_UINT (msg, info21.primary_gid, "primaryGroupID");
QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
r->out.info->info21.fields_present = 0x00FFFFFF;
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
QUERY_LHOURS(msg, info21.logon_hours, "logonHours");
QUERY_UINT (msg, info21.bad_password_count, "badPwdCount");
QUERY_UINT (msg, info21.logon_count, "logonCount");
QUERY_UINT (msg, info21.country_code, "countryCode");
QUERY_UINT (msg, info21.code_page, "codePage");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
default:
r->out.info = NULL;
return NT_STATUS_INVALID_INFO_CLASS;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
/*
samr_SetUserInfo
*/
static NTSTATUS samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct samr_SetUserInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *msg;
r812: added a new samdb_replace() call that simplifies the code in the main samr server a bit. (This used to be commit 255d6e77e705bb7a94e6738c9f48f9d8c625883c)
2004-05-22 04:53:57 +04:00
int ret;
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
NTSTATUS status = NT_STATUS_OK;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
r4680: Make more efficient use of memory in SAMR: Avoid a strdup, use a talloc_reference Use the shortest term memory context possible Andrew Bartlett (This used to be commit 5569db0f94807b7e2418630fbdca03be9c65e838)
2005-01-11 16:59:18 +03:00
msg->dn = talloc_reference(mem_ctx, a_state->account_dn);
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (!msg->dn) {
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
return NT_STATUS_NO_MEMORY;
}
switch (r->in.level) {
case 2:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info2.comment.string, "comment");
SET_UINT (msg, info2.country_code, "countryCode");
SET_UINT (msg, info2.code_page, "codePage");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 4:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_LHOURS(msg, info4.logon_hours, "logonHours");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 6:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info6.full_name.string, "displayName");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into the SAMR server. Andrew Bartlett (This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
2005-03-13 09:43:34 +03:00
case 7:
SET_STRING(msg, info7.account_name.string, "samAccountName");
break;
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
case 8:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info8.full_name.string, "displayName");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 9:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT(msg, info9.primary_gid, "primaryGroupID");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 10:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info10.home_directory.string, "homeDirectory");
SET_STRING(msg, info10.home_drive.string, "homeDrive");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 11:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info11.logon_script.string, "scriptPath");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 12:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info12.profile_path.string, "profilePath");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 13:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info13.description.string, "description");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 14:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info14.workstations.string, "userWorkstations");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 16:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_AFLAGS(msg, info16.acct_flags, "userAccountControl");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 20:
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info20.parameters.string, "userParameters");
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
break;
case 21:
#define IFSET(bit) if (bit & r->in.info->info21.fields_present)
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into the SAMR server. Andrew Bartlett (This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
2005-03-13 09:43:34 +03:00
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info21.account_name.string, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.full_name.string, "displayName");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_DESCRIPTION)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.description.string, "description");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_COMMENT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.comment.string, "comment");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_LOGON_SCRIPT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.logon_script.string, "scriptPath");
r1028: More consistancy fixes, which should also fix the build. Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2004-06-05 08:32:50 +04:00
IFSET(SAMR_FIELD_PROFILE_PATH)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.profile_path.string, "profilePath");
r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list. Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
2005-03-18 07:25:10 +03:00
IFSET(SAMR_FIELD_WORKSTATIONS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info21.workstations.string, "userWorkstations");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_LOGON_HOURS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_LHOURS(msg, info21.logon_hours, "logonHours");
r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25. Andrew Bartlett (This used to be commit 51774a9bcad97686e5259ac8d753b3df58072622)
2004-10-20 06:12:52 +04:00
IFSET(SAMR_FIELD_ACCT_FLAGS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_AFLAGS(msg, info21.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
SET_STRING(msg, info21.parameters.string, "userParameters");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_COUNTRY_CODE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info21.country_code, "countryCode");
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
IFSET(SAMR_FIELD_CODE_PAGE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info21.code_page, "codePage");
r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25. Andrew Bartlett (This used to be commit 51774a9bcad97686e5259ac8d753b3df58072622)
2004-10-20 06:12:52 +04:00
/* Any reason the rest of these can't be set? */
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
#undef IFSET
break;
case 23:
#define IFSET(bit) if (bit & r->in.info->info23.info.fields_present)
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into the SAMR server. Andrew Bartlett (This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
2005-03-13 09:43:34 +03:00
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info23.info.account_name.string, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.full_name.string, "displayName");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_DESCRIPTION)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.description.string, "description");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_COMMENT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.comment.string, "comment");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_LOGON_SCRIPT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.logon_script.string, "scriptPath");
r1028: More consistancy fixes, which should also fix the build. Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2004-06-05 08:32:50 +04:00
IFSET(SAMR_FIELD_PROFILE_PATH)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.profile_path.string, "profilePath");
r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list. Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
2005-03-18 07:25:10 +03:00
IFSET(SAMR_FIELD_WORKSTATIONS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info23.info.workstations.string, "userWorkstations");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_LOGON_HOURS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_LHOURS(msg, info23.info.logon_hours, "logonHours");
r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25. Andrew Bartlett (This used to be commit 51774a9bcad97686e5259ac8d753b3df58072622)
2004-10-20 06:12:52 +04:00
IFSET(SAMR_FIELD_ACCT_FLAGS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
SET_STRING(msg, info23.info.parameters.string, "userParameters");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_COUNTRY_CODE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info23.info.country_code, "countryCode");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_CODE_PAGE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info23.info.code_page, "codePage");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_PASSWORD) {
status = samr_set_password(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
&r->in.info->info23.password);
r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now that SAMR_FIELD_PASSWORD has been split up). Andrew Bartlett (This used to be commit 5f2295a5fb422ad028e67b240e55206acefb48bd)
2004-10-20 06:26:59 +04:00
} else IFSET(SAMR_FIELD_PASSWORD2) {
status = samr_set_password(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
&r->in.info->info23.password);
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
}
#undef IFSET
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
break;
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
/* the set password levels are handled separately */
case 24:
r873: converted samba4 to use real 64 bit integers instead of structures. This was suggested by metze recently. I checked on the build farm and all the machines we have support 64 bit ints, and support the LL suffix for 64 bit constants. I suspect some won't support strtoll() and related functions, so we will probably need replacements for those. (This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
2004-05-25 17:57:39 +04:00
status = samr_set_password(dce_call,
a_state->sam_ctx,
r839: password set/change in the samr server is complex enough that it deserves its own C module (This used to be commit 2ba7ff824c32b3db037263ddcff9c876293ea284)
2004-05-24 09:35:59 +04:00
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
&r->in.info->info24.password);
break;
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
case 25:
#define IFSET(bit) if (bit & r->in.info->info25.info.fields_present)
r5783: Test renaming of accounts in the RPC-SAMR test, and add support into the SAMR server. Andrew Bartlett (This used to be commit fd748f9d2f8f354f76587d92b94de83bffe1c6dc)
2005-03-13 09:43:34 +03:00
IFSET(SAMR_FIELD_ACCOUNT_NAME)
SET_STRING(msg, info25.info.account_name.string, "samAccountName");
IFSET(SAMR_FIELD_FULL_NAME)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.full_name.string, "displayName");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_DESCRIPTION)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.description.string, "description");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_COMMENT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.comment.string, "comment");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_LOGON_SCRIPT)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.logon_script.string, "scriptPath");
r1028: More consistancy fixes, which should also fix the build. Andrew Bartlett (This used to be commit 0d2ae66d3a82134d86084f63c05214e03dfcb48b)
2004-06-05 08:32:50 +04:00
IFSET(SAMR_FIELD_PROFILE_PATH)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.profile_path.string, "profilePath");
r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list. Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
2005-03-18 07:25:10 +03:00
IFSET(SAMR_FIELD_WORKSTATIONS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_STRING(msg, info25.info.workstations.string, "userWorkstations");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_LOGON_HOURS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_LHOURS(msg, info25.info.logon_hours, "logonHours");
r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25. Andrew Bartlett (This used to be commit 51774a9bcad97686e5259ac8d753b3df58072622)
2004-10-20 06:12:52 +04:00
IFSET(SAMR_FIELD_ACCT_FLAGS)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl");
IFSET(SAMR_FIELD_PARAMETERS)
SET_STRING(msg, info25.info.parameters.string, "userParameters");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_COUNTRY_CODE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info25.info.country_code, "countryCode");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_CODE_PAGE)
r3724: Rename a number of structures, for better consistance between SAMR and NETLOGON. In particular, rename samr_Name to samr_String - given that many strings in this pipe are not 'names', the previous was just confusing. (I look forward to PIDL turning these into simple char * some day...). Also export out a few changes from testjoin.c to allow for how I have written the new RPC-SAMSYNC test. Andrew Bartlett (This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
2004-11-13 16:45:41 +03:00
SET_UINT (msg, info25.info.code_page, "codePage");
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
IFSET(SAMR_FIELD_PASSWORD) {
status = samr_set_password_ex(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
&r->in.info->info25.password);
r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now that SAMR_FIELD_PASSWORD has been split up). Andrew Bartlett (This used to be commit 5f2295a5fb422ad028e67b240e55206acefb48bd)
2004-10-20 06:26:59 +04:00
} else IFSET(SAMR_FIELD_PASSWORD2) {
status = samr_set_password_ex(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
&r->in.info->info25.password);
r897: - user/group creation needs to create unique names across both the Builtin and local domain, as some calls (notably password change calls) don't specify a domain name, they just specifiy an account name. - added the remaining password set levels to SetUserInfo in the samr server. We now support all of the password set and change levels that we know about in SAMR. (This used to be commit 965748cbee7853238e9e5f4a4d75780f206d492e)
2004-05-26 08:20:17 +04:00
}
#undef IFSET
break;
/* the set password levels are handled separately */
case 26:
status = samr_set_password_ex(dce_call,
a_state->sam_ctx,
a_state->account_dn,
a_state->domain_state->domain_dn,
mem_ctx, msg,
&r->in.info->info26.password);
break;
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
default:
/* many info classes are not valid for SetUserInfo */
return NT_STATUS_INVALID_INFO_CLASS;
}
r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all of the password complexity, password history and other password restrictions. (This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
2004-05-10 15:23:50 +04:00
if (!NT_STATUS_IS_OK(status)) {
return status;
}
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
/* modify the samdb record */
r812: added a new samdb_replace() call that simplifies the code in the main samr server a bit. (This used to be commit 255d6e77e705bb7a94e6738c9f48f9d8c625883c)
2004-05-22 04:53:57 +04:00
ret = samdb_replace(a_state->sam_ctx, mem_ctx, msg);
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetGroupsForUser
*/
static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetGroupsForUser *r)
{
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
struct dcesrv_handle *h;
struct samr_account_state *a_state;
struct samr_domain_state *d_state;
struct ldb_message **res;
const char * const attrs[2] = { "objectSid", NULL };
r7993: Further work on the Krb5 PAC. We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2005-06-29 17:55:09 +04:00
struct samr_RidWithAttributeArray *array;
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
int count;
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
a_state = h->data;
d_state = a_state->domain_state;
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
attrs, d_state->domain_sid,
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
"(&(member=%s)(grouptype=%s)(objectclass=group))",
a_state->account_dn,
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_GLOBAL_GROUP));
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
r7993: Further work on the Krb5 PAC. We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2005-06-29 17:55:09 +04:00
array = talloc(mem_ctx, struct samr_RidWithAttributeArray);
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (array == NULL)
return NT_STATUS_NO_MEMORY;
array->count = 0;
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
array->rids = NULL;
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
if (count > 0) {
int i;
r7993: Further work on the Krb5 PAC. We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2005-06-29 17:55:09 +04:00
array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
count);
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
if (array->rids == NULL)
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
return NT_STATUS_NO_MEMORY;
for (i=0; i<count; i++) {
struct dom_sid *group_sid;
group_sid = samdb_result_dom_sid(mem_ctx, res[i],
"objectSid");
if (group_sid == NULL) {
DEBUG(0, ("Couldn't find objectSid attrib\n"));
continue;
}
r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC. Fill out the group list for the SamLogon reply, so clients get the supplementary groups. Andrew Bartlett (This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
2005-05-01 12:05:17 +04:00
array->rids[array->count].rid =
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
group_sid->sub_auths[group_sid->num_auths-1];
r7993: Further work on the Krb5 PAC. We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2005-06-29 17:55:09 +04:00
array->rids[array->count].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two, usrmgr.exe seems to become usable. Some quirks, but it's worth a try. Volker (This used to be commit 9c62a239cd609092654ad653972153a3a71e7279)
2004-12-30 01:57:20 +03:00
array->count += 1;
}
}
r->out.rids = array;
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryDisplayInfo
*/
static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo *r)
{
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
int ldb_cnt, count, i;
const char * const attrs[4] = { "objectSid", "sAMAccountName",
"description", NULL };
struct samr_DispEntryFull *entriesFull = NULL;
struct samr_DispEntryAscii *entriesAscii = NULL;
struct samr_DispEntryGeneral * entriesGeneral = NULL;
const char *filter;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
switch (r->in.level) {
case 1:
case 4:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
"(sAMAccountType=%s))",
ldb_hexstr(mem_ctx,
ATYPE_NORMAL_ACCOUNT));
break;
case 2:
filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)"
"(sAMAccountType=%s))",
ldb_hexstr(mem_ctx,
ATYPE_WORKSTATION_TRUST));
break;
case 3:
case 5:
filter = talloc_asprintf(mem_ctx, "(&(grouptype=%s)"
"(objectclass=group))",
ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP));
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
/* search for all requested objects in this domain. This could
possibly be cached and resumed based on resume_key */
ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
d_state->domain_sid, "%s", filter);
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
if (ldb_cnt == -1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (ldb_cnt == 0 || r->in.max_entries == 0) {
return NT_STATUS_OK;
}
switch (r->in.level) {
case 1:
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entriesGeneral = talloc_array(mem_ctx,
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
struct samr_DispEntryGeneral,
ldb_cnt);
break;
case 2:
case 3:
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entriesFull = talloc_array(mem_ctx,
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
struct samr_DispEntryFull,
ldb_cnt);
break;
case 4:
case 5:
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 10:08:20 +03:00
entriesAscii = talloc_array(mem_ctx,
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
struct samr_DispEntryAscii,
ldb_cnt);
break;
}
if ((entriesGeneral == NULL) && (entriesFull == NULL) &&
(entriesAscii == NULL))
return NT_STATUS_NO_MEMORY;
count = 0;
for (i=0; i<ldb_cnt; i++) {
struct dom_sid *objectsid;
objectsid = samdb_result_dom_sid(mem_ctx, res[i],
"objectSid");
if (objectsid == NULL)
continue;
switch(r->in.level) {
case 1:
r7507: fixed the problem with users being shown too many times in acl editors, and added a test for it. (This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
2005-06-12 15:03:15 +04:00
entriesGeneral[count].idx = count + 1;
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
entriesGeneral[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
entriesGeneral[count].acct_flags =
samdb_result_acct_flags(res[i],
"userAccountControl");
entriesGeneral[count].account_name.string =
samdb_result_string(res[i],
"sAMAccountName", "");
entriesGeneral[count].full_name.string =
samdb_result_string(res[i], "displayName", "");
entriesGeneral[count].description.string =
samdb_result_string(res[i], "description", "");
break;
case 2:
case 3:
r7507: fixed the problem with users being shown too many times in acl editors, and added a test for it. (This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
2005-06-12 15:03:15 +04:00
entriesFull[count].idx = count + 1;
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
entriesFull[count].rid =
objectsid->sub_auths[objectsid->num_auths-1];
entriesFull[count].acct_flags =
samdb_result_acct_flags(res[i],
"userAccountControl");
if (r->in.level == 3) {
/* We get a "7" here for groups */
entriesFull[count].acct_flags = 7;
}
entriesFull[count].account_name.string =
samdb_result_string(res[i], "sAMAccountName",
"");
entriesFull[count].description.string =
samdb_result_string(res[i], "description", "");
break;
case 4:
case 5:
r7507: fixed the problem with users being shown too many times in acl editors, and added a test for it. (This used to be commit 9e428881f6fc0a422ac9011d847e8f692284397a)
2005-06-12 15:03:15 +04:00
entriesAscii[count].idx = count + 1;
r4380: Implement samr_QueryDisplayInfo. This probably needs some polishing (Do we have to sort the entries?) Volker (This used to be commit 26d21bb5cc26964f2d790aa83149ba399ac50db2)
2004-12-29 02:01:34 +03:00
entriesAscii[count].account_name.string =
samdb_result_string(res[i], "sAMAccountName",
"");
break;
}
count += 1;
}
r->out.total_size = count;
if (r->in.start_idx >= count) {
r->out.returned_size = 0;
switch(r->in.level) {
case 1:
r->out.info.info1.count = r->out.returned_size;
r->out.info.info1.entries = NULL;
break;
case 2:
r->out.info.info2.count = r->out.returned_size;
r->out.info.info2.entries = NULL;
break;
case 3:
r->out.info.info3.count = r->out.returned_size;
r->out.info.info3.entries = NULL;
break;
case 4:
r->out.info.info4.count = r->out.returned_size;
r->out.info.info4.entries = NULL;
break;
case 5:
r->out.info.info5.count = r->out.returned_size;
r->out.info.info5.entries = NULL;
break;
}
} else {
r->out.returned_size = MIN(count - r->in.start_idx,
r->in.max_entries);
switch(r->in.level) {
case 1:
r->out.info.info1.count = r->out.returned_size;
r->out.info.info1.entries =
&(entriesGeneral[r->in.start_idx]);
break;
case 2:
r->out.info.info2.count = r->out.returned_size;
r->out.info.info2.entries =
&(entriesFull[r->in.start_idx]);
break;
case 3:
r->out.info.info3.count = r->out.returned_size;
r->out.info.info3.entries =
&(entriesFull[r->in.start_idx]);
break;
case 4:
r->out.info.info4.count = r->out.returned_size;
r->out.info.info4.entries =
&(entriesAscii[r->in.start_idx]);
break;
case 5:
r->out.info.info5.count = r->out.returned_size;
r->out.info.info5.entries =
&(entriesAscii[r->in.start_idx]);
break;
}
}
return (r->out.returned_size < (count - r->in.start_idx)) ?
STATUS_MORE_ENTRIES : NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetDisplayEnumerationIndex
*/
static NTSTATUS samr_GetDisplayEnumerationIndex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetDisplayEnumerationIndex *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_TestPrivateFunctionsDomain
*/
static NTSTATUS samr_TestPrivateFunctionsDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_TestPrivateFunctionsDomain *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_TestPrivateFunctionsUser
*/
static NTSTATUS samr_TestPrivateFunctionsUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_TestPrivateFunctionsUser *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetUserPwInfo
*/
static NTSTATUS samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
struct samr_GetUserPwInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
struct dcesrv_handle *h;
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
struct samr_account_state *a_state;
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
ZERO_STRUCT(r->out.info);
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
r626: make the code a bit more readable metze (This used to be commit 81b94718e4145a53947d401c4b4b88b71c71e4a4)
2004-05-10 16:37:06 +04:00
a_state = h->data;
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2005-07-17 13:20:52 +04:00
a_state->domain_state->domain_dn, "minPwdLength",
"dn=%s",
a_state->domain_state->domain_dn);
r7582: Better way to have a fast path searching for a specific DN. Old way was ugly and had a bug, you couldn't add an attribute named dn or distinguishedName and search for it, tdb would change that search in a dn search. This makes it also possible to search by dn against an ldap server as the old method was not supported by ldap syntaxes. sss (This used to be commit a614466dec2484a0d39bdfae53da822cfcf80926)
2005-06-14 23:15:17 +04:00
r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0,
r8520: fixed a pile of warnings from the build farm gcc -Wall output on S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2005-07-17 13:20:52 +04:00
a_state->account_dn,
"pwdProperties",
"dn=%s", a_state->account_dn);
r608: - a couple of very minor fixes to the CreateGroup code - added samr_GetUserPwInfo() samr server call (This used to be commit 0250f5d6aaf4f9325ace707c69f5e24bcd7a0ed9)
2004-05-09 16:32:25 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_RemoveMemberFromForeignDomain
*/
static NTSTATUS samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RemoveMemberFromForeignDomain *r)
{
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
const char *memberdn;
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
struct ldb_message **res;
const char * const attrs[3] = { "dn", "objectSid", NULL };
int i, count;
DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN);
d_state = h->data;
memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
"dn", "(objectSid=%s)",
ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid));
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
if (memberdn == NULL)
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
/* TODO: Does this call only remove alias members, or does it do this
* for domain groups as well? */
count = samdb_search_domain(d_state->sam_ctx, mem_ctx,
d_state->domain_dn, &res, attrs,
r7860: switch our ldb storage format to use a NDR encoded objectSid. This is quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2005-06-24 04:18:20 +04:00
d_state->domain_sid,
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
"(&(member=%s)(objectClass=group)"
"(|(groupType=%s)(groupType=%s)))",
memberdn,
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_BUILTIN_LOCAL_GROUP),
ldb_hexstr(mem_ctx,
GTYPE_SECURITY_DOMAIN_LOCAL_GROUP));
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
for (i=0; i<count; i++) {
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
struct ldb_message *mod;
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
mod = ldb_msg_new(mem_ctx);
if (mod == NULL) {
return NT_STATUS_NO_MEMORY;
}
mod->dn = talloc_reference(mod,
samdb_result_string(res[i], "dn",
NULL));
if (mod->dn == NULL) {
talloc_free(mod);
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
continue;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
}
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_msg_add_delval(d_state->sam_ctx, mem_ctx, mod,
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
"member", memberdn) != 0)
return NT_STATUS_NO_MEMORY;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
if (samdb_modify(d_state->sam_ctx, mem_ctx, mod) != 0)
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
return NT_STATUS_UNSUCCESSFUL;
r4475: fixed smbd to work with the small changes in the ldb API (the most important change was in the ldb_msg_add_*() routines, which now use the msg as a context, and thus it needs to be a talloc ptr) (This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
2005-01-02 10:51:13 +03:00
talloc_free(mod);
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user with usrmgr.exe. To fix: Remove domain group membership attrib values when a user is deleted. Volker (This used to be commit 83d180c732ba73cf50072ef73ccdd60e72bc9910)
2004-12-30 21:50:15 +03:00
}
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryDomainInfo2
*/
static NTSTATUS samr_QueryDomainInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDomainInfo2 *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryUserInfo2
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
just an alias for samr_QueryUserInfo
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
*/
static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
struct samr_QueryUserInfo2 *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
struct samr_QueryUserInfo r1;
NTSTATUS status;
r4490: when implementing one rpc server call in terms of another call, you must zero r.out before making the 2nd call if the 2nd call has any non-ref out parameters. This is needed for the case where the 2nd call fails, and the 1st call would then fill in its out fields based on uninitialised memory. (This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)
2005-01-03 02:31:12 +03:00
ZERO_STRUCT(r1.out);
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
r1.in.user_handle = r->in.user_handle;
r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password set levels. This means that a large part of the RPC-SAMR torture test now runs correctly against Samba4 (This used to be commit ec0a51898f543578e755207d81ed5c1524861c64)
2004-05-09 13:39:47 +04:00
r1.in.level = r->in.level;
status = samr_QueryUserInfo(dce_call, mem_ctx, &r1);
r->out.info = r1.out.info;
return status;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryDisplayInfo2
*/
static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r4490: when implementing one rpc server call in terms of another call, you must zero r.out before making the 2nd call if the 2nd call has any non-ref out parameters. This is needed for the case where the 2nd call fails, and the 1st call would then fill in its out fields based on uninitialised memory. (This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)
2005-01-03 02:31:12 +03:00
struct samr_QueryDisplayInfo2 *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
struct samr_QueryDisplayInfo q;
NTSTATUS result;
q.in.domain_handle = r->in.domain_handle;
q.in.level = r->in.level;
q.in.start_idx = r->in.start_idx;
q.in.max_entries = r->in.max_entries;
q.in.buf_size = r->in.buf_size;
r4490: when implementing one rpc server call in terms of another call, you must zero r.out before making the 2nd call if the 2nd call has any non-ref out parameters. This is needed for the case where the 2nd call fails, and the 1st call would then fill in its out fields based on uninitialised memory. (This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)
2005-01-03 02:31:12 +03:00
ZERO_STRUCT(q.out);
r4414: Various bits&pieces: * Implement samr_search_domain, filter out all elements with no "objectSid" attribute and all objects outside a specified domain sid. * Minor cleanups in dcerpc_samr.c due to that. * Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe one step further. * Same for samr_info_DomInfo1. Volker (This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
2004-12-30 20:01:49 +03:00
result = samr_QueryDisplayInfo(dce_call, mem_ctx, &q);
r->out.total_size = q.out.total_size;
r->out.returned_size = q.out.returned_size;
r->out.info = q.out.info;
return result;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetDisplayEnumerationIndex2
*/
static NTSTATUS samr_GetDisplayEnumerationIndex2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetDisplayEnumerationIndex2 *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_QueryDisplayInfo3
*/
static NTSTATUS samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_QueryDisplayInfo3 *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_AddMultipleMembersToAlias
*/
static NTSTATUS samr_AddMultipleMembersToAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_AddMultipleMembersToAlias *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_RemoveMultipleMembersFromAlias
*/
static NTSTATUS samr_RemoveMultipleMembersFromAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RemoveMultipleMembersFromAlias *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetDomPwInfo
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
this fetches the default password properties for a domain
r901: w2k3 completely ignores the domain name argument to GetDomPwInfo, always returning the info for the primary domain. I noticed this because WinXP sends the wrong information in this field (it sends \\server_name) and gets away with it (This used to be commit e128bcca562960afe75bf14dd775113e1dd7b213)
2004-05-26 11:32:30 +04:00
note that w2k3 completely ignores the domain name in this call, and
always returns the information for the servers primary domain
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
*/
static NTSTATUS samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
struct samr_GetDomPwInfo *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
struct ldb_message **msgs;
int ret;
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
const char * const attrs[] = {"minPwdLength", "pwdProperties", NULL };
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
struct ldb_context *sam_ctx;
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r1013: WE NEED ALWAYS TO INIT THE OUTPUT VARS! in rpc server code! add missing ZERO_STRUCT(r->out.info); in samr_GetDomPwInfo metze (This used to be commit e21f8a343022424097ff53cd8d5e16ac46fff772)
2004-06-05 00:36:44 +04:00
ZERO_STRUCT(r->out.info);
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
sam_ctx = samdb_connect(mem_ctx);
r514: added a context pointer to the samdb interface, as suggested by metze. Also added a reference count so that a client can close the connection handle and still used a derived domain handle. (This used to be commit b1cd98188d6f1f8236f5dbc7a3605a39ae27fb73)
2004-05-06 16:42:42 +04:00
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
r5988: Fix the -P option (use machine account credentials) to use the Samba4 secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2005-03-23 04:30:43 +03:00
ret = gendb_search(sam_ctx,
r578: initial server side implementation of samr_CreateUser(), samr_CreateUser2(), samr_LookupNames(), samr_OpenUser(), and samr_DeleteUser() this uses a user template in the SAM db, of objectclass "userTemplate" and dn CN=TemplateUser,CN=Templates,$BASEDN. Using a template allows an admin to add any default user attributes that they might want to the user template and all new users will receive those attributes. (This used to be commit 10b6e0011b5952c98432dc2d4b2058ac89a9cc2d)
2004-05-08 04:02:31 +04:00
mem_ctx, NULL, &msgs, attrs,
r8790: Finish the migration of aliases and privilages with SamSync, by adding templating support for foreignSecurityPrincipals to the samdb module. This is an extension beyond what microsoft does, and has been very useful :-) The setup scripts have been modified to use the new template, as has the SAMR and LSA code. Other cleanups in LSA remove the assumption that the short domain name is the first component of the realm. Also add a lot of useful debug messages, to make it clear how/why the SamSync may have gone wrong. Many of these should perhaps be hooked into an error string. Andrew Bartlett (This used to be commit 1f071b0609c5c83024db1d4a7d04334a932b8253)
2005-07-27 04:23:09 +04:00
"(&(!(objectClass=builtinDomain))(objectclass=domain))");
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
if (ret <= 0) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
if (ret > 1) {
r6470: Remove ldb_search_free() it is not needed anymore. Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2005-04-25 16:46:18 +04:00
talloc_free(msgs);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
r3804: Add more comparison tests in RPC-SAMSYNC. This compares values for the domain and for secrets. We still have some problems we need to sort out for secrets. Also rename a number of structures in samr.idl and netlogon.idl, to better express their consistancy. Andrew Bartlett (This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
2004-11-17 14:56:13 +03:00
r->out.info.min_password_length = samdb_result_uint(msgs[0], "minPwdLength", 0);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r->out.info.password_properties = samdb_result_uint(msgs[0], "pwdProperties", 1);
r6470: Remove ldb_search_free() it is not needed anymore. Just use talloc_free() to release the memory after an ldb_search(). (This used to be commit 4f0948dab0aa5e8b6a4ce486f3668ca8dfae23db)
2005-04-25 16:46:18 +04:00
talloc_free(msgs);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
r2051: switched the samdb over to using the new destructor and reference count features of talloc, instead of re-implementing both those features inside of samdb (which is what we did before). This makes samdb considerably simpler, and also fixes some bugs, as I found some error paths that didn't call samdb_close(). Those are now handled by the fact that a talloc_free() will auto-close and destroy the samdb context, using a destructor. (This used to be commit da60987a92266734c33b81ee217081abdc4330f3)
2004-08-25 10:44:23 +04:00
talloc_free(sam_ctx);
r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls if you take a look at samr_GetDomPwInfo() then you will get a fairly good idea of what I am planning for the database oriented SAMR server implementation. (This used to be commit bba0044a514cf86cbcf14bc82dd6c49808c22dab)
2004-05-04 11:53:06 +04:00
return NT_STATUS_OK;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_Connect2
*/
static NTSTATUS samr_Connect2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect2 *r)
{
struct samr_Connect c;
c.in.system_name = NULL;
c.in.access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
c.out.connect_handle = r->out.connect_handle;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return samr_Connect(dce_call, mem_ctx, &c);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetUserInfo2
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
just an alias for samr_SetUserInfo
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
*/
static NTSTATUS samr_SetUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct samr_SetUserInfo2 *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
struct samr_SetUserInfo r2;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
r2.in.user_handle = r->in.user_handle;
r587: added server code for samr_EnumDomainUsers, and started adding samr_SetUserInfo and samr_QueryUserInfo (This used to be commit e0db9659a85b59e52fbe033a94b411d6c64d9f9c)
2004-05-08 18:42:45 +04:00
r2.in.level = r->in.level;
r2.in.info = r->in.info;
return samr_SetUserInfo(dce_call, mem_ctx, &r2);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetBootKeyInformation
*/
static NTSTATUS samr_SetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetBootKeyInformation *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_GetBootKeyInformation
*/
static NTSTATUS samr_GetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_GetBootKeyInformation *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_Connect3
*/
static NTSTATUS samr_Connect3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect3 *r)
{
struct samr_Connect c;
c.in.system_name = NULL;
c.in.access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
c.out.connect_handle = r->out.connect_handle;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return samr_Connect(dce_call, mem_ctx, &c);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_Connect4
*/
static NTSTATUS samr_Connect4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect4 *r)
{
struct samr_Connect c;
c.in.system_name = NULL;
c.in.access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
c.out.connect_handle = r->out.connect_handle;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
return samr_Connect(dce_call, mem_ctx, &c);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_Connect5
*/
static NTSTATUS samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_Connect5 *r)
{
struct samr_Connect c;
NTSTATUS status;
c.in.system_name = NULL;
c.in.access_mask = r->in.access_mask;
r2458: Rename policy handle parameters for the SAMR pipe. Parameters now have the handle type implied by the parameter name. There are four types of handle: connect, domain, user and group handles. The various samr_Connect functions return a connect handle, and the samr_OpenFoo functions return a foo handle. There is one exception - the samr_{Get,Set}Security function can take any type of handle. Fix up all C callers. (This used to be commit 32f0f3154a8eb63de83145cbc8806b8906ccdc3e)
2004-09-21 07:51:38 +04:00
c.out.connect_handle = r->out.connect_handle;
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
status = samr_Connect(dce_call, mem_ctx, &c);
r->out.info->info1.unknown1 = 3;
r->out.info->info1.unknown2 = 0;
r->out.level = r->in.level;
return status;
}
/*
samr_RidToSid
*/
static NTSTATUS samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_RidToSid *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_SetDsrmPassword
*/
static NTSTATUS samr_SetDsrmPassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct samr_SetDsrmPassword *r)
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/*
samr_ValidatePassword
*/
static NTSTATUS samr_ValidatePassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
r839: password set/change in the samr server is complex enough that it deserves its own C module (This used to be commit 2ba7ff824c32b3db037263ddcff9c876293ea284)
2004-05-24 09:35:59 +04:00
struct samr_ValidatePassword *r)
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
{
r464: a big improvement to the API for writing server-side RPC servers. Previously the server pipe code needed to return the RPC level status (nearly always "OK") and separately set the function call return using r->out.result. All the programmers writing servers (metze, jelmer and me) were often getting this wrong, by doing things like "return NT_STATUS_NO_MEMORY" which was really quite meaningless as there is no code like that at the dcerpc level. I have now modified pidl to generate the necessary boilerplate so that just returning the status you want from the function will work. So for a NTSTATUS function you return NT_STATUS_XXX and from a WERROR function you return WERR_XXX. If you really want to generate a DCERPC level fault rather than just a return value in your function then you should use the DCESRV_FAULT() macro which will correctly generate a fault for you. As a side effect, this also adds automatic type checking of all of our server side rpc functions, which was impossible with the old API. When I changed the API I found and fixed quite a few functions with the wrong type information, so this is definately useful. I have also changed the server side template generation to generate a DCERPC "operation range error" by default when you have not yet filled in a server side function. This allows us to correctly implement functions in any order in our rpc pipe servers and give the client the right information about the fault. (This used to be commit a4df5c7cf88891a78d82c8d6d7f058d8485e73f0)
2004-05-04 10:07:52 +04:00
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
r458: this is the (very primitive) beginnings of a SAMR server for Samba4. I'm committing this now so I can get comments on the approach. Note that you need to do something like this to initialise the SAM db: edit script/provision.pl script/provision.pl > provision.ldif.out bin/ldbadd /path/to/private/sam.ldb provision.ldif.out (This used to be commit e2002e40a5abe0cd33a2056b1da8ba5732f9021f)
2004-05-03 18:58:08 +04:00
}
/* include the generated boilerplate */
#include "librpc/gen_ndr/ndr_samr_s.c"
Copy Permalink