
first pass of the new group mapping code

J.F.
(This used to be commit 7154deb026)
Jean-François Micouleau 2001-03-23 00:50:31 +00:00
parent 97bbbd49a8
commit 0053bd8b80
10 changed files with 2208 additions and 519 deletions


@ -170,6 +170,8 @@ PASSDB_OBJ = passdb/passdb.o passdb/secrets.o \
passdb/machine_sid.o passdb/pdb_smbpasswd.o \
passdb/pdb_tdb.o
GROUPDB_OBJ = groupdb/mapping.o
# passdb/smbpass.o passdb/ldap.o passdb/nispass.o
PROFILE_OBJ = profile/profile.o
@ -201,7 +203,7 @@ MSDFS_OBJ = msdfs/msdfs.o
SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \
$(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) $(NOTIFY_OBJ)
$(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) $(NOTIFY_OBJ) $(GROUPDB_OBJ)
NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
@ -258,6 +260,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \
$(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o
@ -513,6 +518,10 @@ bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(LIBS)
bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)
bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS)

754
source3/groupdb/mapping.c Normal file

@ -0,0 +1,754 @@
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-2000,
* Copyright (C) Jean François Micouleau 1998-2001.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
static TDB_CONTEXT *tdb; /* used for driver files */
#define DATABASE_VERSION 1
#define GROUP_PREFIX "UNIXGROUP/"
PRIVS privs[] = {
{SE_PRIV_NONE, "no_privs", "No privilege"},
{SE_PRIV_ADD_USERS, "add_users", "add users"},
{SE_PRIV_ADD_MACHINES, "add_computers", ""},
{SE_PRIV_PRINT_OPERATOR, "print_op", ""},
{SE_PRIV_ALL, "all_privs", ""}
};
/*
PRIVS privs[] = {
{ 2, "SeCreateTokenPrivilege" },
{ 3, "SeAssignPrimaryTokenPrivilege" },
{ 4, "SeLockMemoryPrivilege" },
{ 5, "SeIncreaseQuotaPrivilege" },
{ 6, "SeMachineAccountPrivilege" },
{ 7, "SeTcbPrivilege" },
{ 8, "SeSecurityPrivilege" },
{ 9, "SeTakeOwnershipPrivilege" },
{ 10, "SeLoadDriverPrivilege" },
{ 11, "SeSystemProfilePrivilege" },
{ 12, "SeSystemtimePrivilege" },
{ 13, "SeProfileSingleProcessPrivilege" },
{ 14, "SeIncreaseBasePriorityPrivilege" },
{ 15, "SeCreatePagefilePrivilege" },
{ 16, "SeCreatePermanentPrivilege" },
{ 17, "SeBackupPrivilege" },
{ 18, "SeRestorePrivilege" },
{ 19, "SeShutdownPrivilege" },
{ 20, "SeDebugPrivilege" },
{ 21, "SeAuditPrivilege" },
{ 22, "SeSystemEnvironmentPrivilege" },
{ 23, "SeChangeNotifyPrivilege" },
{ 24, "SeRemoteShutdownPrivilege" },
};
*/
#if 0
/****************************************************************************
check if the user has the required privilege.
****************************************************************************/
static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege)
{
/* no token, no privilege */
if (token==NULL)
return False;
if ((token->privilege & privilege)==privilege)
return True;
return False;
}
#endif
/****************************************************************************
dump the mapping group mapping to a text file
****************************************************************************/
char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
{
static fstring group_type;
switch(name_use) {
case SID_NAME_USER:
fstrcpy(group_type,"User");
break;
case SID_NAME_DOM_GRP:
fstrcpy(group_type,"Domain group");
break;
case SID_NAME_DOMAIN:
fstrcpy(group_type,"Domain");
break;
case SID_NAME_ALIAS:
fstrcpy(group_type,"Local group");
break;
case SID_NAME_WKN_GRP:
fstrcpy(group_type,"Builtin group");
break;
case SID_NAME_DELETED:
fstrcpy(group_type,"Deleted");
break;
case SID_NAME_INVALID:
fstrcpy(group_type,"Invalid");
break;
case SID_NAME_UNKNOWN:
default:
fstrcpy(group_type,"Unknown type");
break;
}
fstrcpy(group, group_type);
return group_type;
}
/****************************************************************************
open the group mapping tdb
****************************************************************************/
BOOL init_group_mapping(void)
{
static pid_t local_pid;
char *vstring = "INFO/version";
if (tdb && local_pid == sys_getpid()) return True;
tdb = tdb_open(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open group mapping database\n"));
return False;
}
local_pid = sys_getpid();
/* handle a Samba upgrade */
tdb_lock_bystring(tdb, vstring);
if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
tdb_store_int(tdb, vstring, DATABASE_VERSION);
}
tdb_unlock_bystring(tdb, vstring);
return True;
}
/****************************************************************************
****************************************************************************/
BOOL add_mapping_entry(GROUP_MAP *map, int flag)
{
TDB_DATA kbuf, dbuf;
pstring key, buf;
fstring string_sid;
int len;
sid_to_string(string_sid, &map->sid);
len = tdb_pack(buf, sizeof(buf), "ddffd",
map->gid, map->sid_name_use, map->nt_name, map->comment, map->privilege);
if (len > sizeof(buf)) return False;
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dsize = strlen(key)+1;
kbuf.dptr = key;
dbuf.dsize = len;
dbuf.dptr = buf;
if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
return True;
}
/****************************************************************************
initialise first time the mapping list
****************************************************************************/
BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
fstring nt_name, fstring comment, uint32 privilege)
{
GROUP_MAP map;
map.gid=gid;
string_to_sid(&map.sid, sid);
map.sid_name_use=sid_name_use;
fstrcpy(map.nt_name, nt_name);
fstrcpy(map.comment, comment);
map.privilege=privilege;
add_mapping_entry(&map, TDB_INSERT);
return True;
}
/****************************************************************************
initialise first time the mapping list
****************************************************************************/
BOOL default_group_mapping()
{
DOM_SID sid_admins;
DOM_SID sid_users;
DOM_SID sid_guests;
fstring str_admins;
fstring str_users;
fstring str_guests;
/* Add the Wellknown groups */
add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", SE_PRIV_ALL);
add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", SE_PRIV_PRINT_OPERATOR);
add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", SE_PRIV_NONE);
add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", SE_PRIV_NONE);
/* Add the defaults domain groups */
sid_copy(&sid_admins, &global_sam_sid);
sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
sid_to_string(str_admins, &sid_admins);
add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", SE_PRIV_ALL);
sid_copy(&sid_users, &global_sam_sid);
sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
sid_to_string(str_users, &sid_users);
add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", SE_PRIV_NONE);
sid_copy(&sid_guests, &global_sam_sid);
sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
sid_to_string(str_guests, &sid_guests);
add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", SE_PRIV_NONE);
return True;
}
/****************************************************************************
return the sid and the type of the unix group
****************************************************************************/
BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf;
pstring key;
fstring string_sid;
int ret;
/* the key is the SID, retrieving is direct */
sid_to_string(string_sid, &sid);
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dptr = key;
kbuf.dsize = strlen(key)+1;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) return False;
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
&map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
safe_free(dbuf.dptr);
if (ret != dbuf.dsize) {
DEBUG(0,("get_group_map_from_sid: mapping TDB corrupted ?\n"));
return False;
}
sid_copy(&map->sid, &sid);
return True;
}
/****************************************************************************
return the sid and the type of the unix group
****************************************************************************/
BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
/* we need to enumerate the TDB to find the GID */
for (kbuf = tdb_firstkey(tdb);
kbuf.dptr;
newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
string_to_sid(&map->sid, string_sid);
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
&map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
safe_free(dbuf.dptr);
if (ret != dbuf.dsize) continue;
if (gid==map->gid)
return True;
}
return False;
}
/****************************************************************************
return the sid and the type of the unix group
****************************************************************************/
BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
/* we need to enumerate the TDB to find the GID */
for (kbuf = tdb_firstkey(tdb);
kbuf.dptr;
newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
string_to_sid(&map->sid, string_sid);
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
&map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
safe_free(dbuf.dptr);
if (ret != dbuf.dsize) continue;
if (StrCaseCmp(name, map->nt_name)==0)
return True;
}
return False;
}
/****************************************************************************
enumerate the group mapping
****************************************************************************/
BOOL group_map_remove(DOM_SID sid)
{
TDB_DATA kbuf, dbuf;
pstring key;
fstring string_sid;
/* the key is the SID, retrieving is direct */
sid_to_string(string_sid, &sid);
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dptr = key;
kbuf.dsize = strlen(key)+1;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) return False;
safe_free(dbuf.dptr);
if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
return False;
return True;
}
/****************************************************************************
enumerate the group mapping
****************************************************************************/
BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
fstring group_type;
GROUP_MAP map;
GROUP_MAP *mapt=NULL;
int ret;
int entries=0;
*num_entries=0;
*rmap=NULL;
for (kbuf = tdb_firstkey(tdb);
kbuf.dptr;
newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
&map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege);
safe_free(dbuf.dptr);
if (ret != dbuf.dsize) continue;
/* list only the type or everything if UNKNOWN */
if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) continue;
string_to_sid(&map.sid, string_sid);
decode_sid_name_use(group_type, map.sid_name_use);
mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP));
mapt[entries].gid = map.gid;
sid_copy( &mapt[entries].sid, &map.sid);
mapt[entries].sid_name_use = map.sid_name_use;
fstrcpy(mapt[entries].nt_name, map.nt_name);
fstrcpy(mapt[entries].comment, map.comment);
mapt[entries].privilege = map.privilege;
entries++;
}
*rmap=mapt;
*num_entries=entries;
return True;
}
/****************************************************************************
convert a privilege list to a privilege value
****************************************************************************/
void convert_priv_from_text(uint32 *se_priv, char *privilege)
{
pstring tok;
char *p = privilege;
int i;
/* By default no privilege */
(*se_priv)=0x0;
if (privilege==NULL)
return;
while(next_token(&p, tok, " ", sizeof(tok)) ) {
for (i=0; i<=PRIV_ALL_INDEX; i++) {
if (StrCaseCmp(privs[i].priv, tok)==0)
(*se_priv)+=privs[i].se_priv;
}
}
}
/****************************************************************************
convert a privilege value to a privilege list
****************************************************************************/
void convert_priv_to_text(uint32 se_priv, char *privilege)
{
int i;
if (privilege==NULL)
return;
ZERO_STRUCTP(privilege);
if (se_priv==SE_PRIV_NONE) {
fstrcat(privilege, privs[0].priv);
return;
}
if (se_priv==SE_PRIV_ALL) {
fstrcat(privilege, privs[PRIV_ALL_INDEX].priv);
return;
}
for (i=1; privs[i].se_priv!=SE_PRIV_ALL; i++) {
if ( (se_priv & privs[i].se_priv) == privs[i].se_priv) {
fstrcat(privilege, privs[i].priv);
fstrcat(privilege, " ");
}
}
}
/*
*
* High level functions
* better to use them than the lower ones.
*
* we are checking if the group is in the mapping file
* and if the group is an existing unix group
*
*/
/* get a domain group from it's SID */
BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
{
struct group *grp;
/* if the group is NOT in the database, it CAN NOT be a domain group */
if(!get_group_map_from_sid(sid, map))
return False;
/* if it's not a domain group, continue */
if (map->sid_name_use!=SID_NAME_DOM_GRP)
return False;
if (map->gid==-1)
return False;
if ( (grp=getgrgid(map->gid)) == NULL)
return False;
return True;
}
/* get a local (alias) group from it's SID */
BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
{
struct group *grp;
/* The group is in the mapping table */
if(get_group_map_from_sid(sid, map)) {
if (map->sid_name_use!=SID_NAME_ALIAS)
return False;
if (map->gid==-1)
return False;
if ( (grp=getgrgid(map->gid)) == NULL)
return False;
} else {
/* the group isn't in the mapping table.
* make one based on the unix information */
uint32 alias_rid;
sid_split_rid(&sid, &alias_rid);
map->gid=pdb_user_rid_to_gid(alias_rid);
if ((grp=getgrgid(map->gid)) == NULL)
return False;
map->sid_name_use=SID_NAME_ALIAS;
fstrcpy(map->nt_name, grp->gr_name);
fstrcpy(map->comment, "Local Unix Group");
map->privilege=SE_PRIV_NONE;
}
return True;
}
/* get a builtin group from it's SID */
BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map)
{
struct group *grp;
if(!get_group_map_from_sid(sid, map))
return False;
if (map->sid_name_use!=SID_NAME_WKN_GRP)
return False;
if (map->gid==-1)
return False;
if ( (grp=getgrgid(map->gid)) == NULL)
return False;
return True;
}
/****************************************************************************
Returns a GROUP_MAP struct based on the gid.
****************************************************************************/
BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
{
struct group *grp;
DOM_SID sid;
uint32 rid;
if ( (grp=getgrgid(gid)) == NULL)
return False;
/*
* make a group map from scratch if doesn't exist.
*/
if (!get_group_map_from_gid(gid, map)) {
map->gid=gid;
map->sid_name_use=SID_NAME_ALIAS;
map->privilege=SE_PRIV_NONE;
rid=pdb_gid_to_group_rid(gid);
sid_copy(&sid, &global_sam_sid);
sid_append_rid(&sid, rid);
fstrcpy(map->nt_name, grp->gr_name);
fstrcpy(map->comment, "Local Unix Group");
}
return True;
}
/****************************************************************************
Get the member users of a group and
all the users who have that group as primary.
give back an array of uid
return the grand number of users
TODO: sort the list and remove duplicate. JFM.
****************************************************************************/
BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
{
struct group *grp;
struct passwd *pwd;
int i=0;
char *gr;
*num_uids = 0;
if ( (grp=getgrgid(gid)) == NULL)
return False;
gr = grp->gr_mem[0];
DEBUG(10, ("getting members\n"));
while (gr && (*gr != (char)NULL)) {
(*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
if( (pwd=getpwnam(gr)) !=NULL) {
(*uid)[*num_uids]=pwd->pw_uid;
(*num_uids)++;
}
gr = grp->gr_mem[++i];
}
DEBUG(10, ("got [%d] members\n", *num_uids));
setpwent();
while ((pwd=getpwent()) != NULL) {
if (pwd->pw_gid==gid) {
(*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
(*uid)[*num_uids]=pwd->pw_uid;
(*num_uids)++;
}
}
endpwent();
DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids));
return True;
}
/****************************************************************************
Create a UNIX group on demand.
****************************************************************************/
int smb_create_group(char *unix_group)
{
pstring add_script;
int ret;
pstrcpy(add_script, lp_addgroup_script());
if (! *add_script) return -1;
pstring_sub(add_script, "%g", unix_group);
ret = smbrun(add_script,NULL,False);
DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
return ret;
}
/****************************************************************************
Delete a UNIX group on demand.
****************************************************************************/
int smb_delete_group(char *unix_group)
{
pstring del_script;
int ret;
pstrcpy(del_script, lp_delgroup_script());
if (! *del_script) return -1;
pstring_sub(del_script, "%g", unix_group);
ret = smbrun(del_script,NULL,False);
DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
return ret;
}
/****************************************************************************
Create a UNIX group on demand.
****************************************************************************/
int smb_add_user_group(char *unix_group, char *unix_user)
{
pstring add_script;
int ret;
pstrcpy(add_script, lp_addusertogroup_script());
if (! *add_script) return -1;
pstring_sub(add_script, "%g", unix_group);
pstring_sub(add_script, "%u", unix_user);
ret = smbrun(add_script,NULL,False);
DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
return ret;
}
/****************************************************************************
Delete a UNIX group on demand.
****************************************************************************/
int smb_delete_user_group(char *unix_group, char *unix_user)
{
pstring del_script;
int ret;
pstrcpy(del_script, lp_deluserfromgroup_script());
if (! *del_script) return -1;
pstring_sub(del_script, "%g", unix_group);
pstring_sub(del_script, "%u", unix_user);
ret = smbrun(del_script,NULL,False);
DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
return ret;
}
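Review bot: In convert_priv_from_text the matched bits are accumulated with `(*se_priv)+=privs[i].se_priv;`, so a repeated token changes the meaning of the mask: `add_users add_users` sums to 0x0002, which is SE_PRIV_ADD_MACHINES, and `all_privs` followed by any other name carries past 0xffff. Use `(*se_priv) |= privs[i].se_priv;` so each name can only set its own bits. Separately, get_group_from_gid builds `sid` from global_sam_sid and the RID but never copies it into `map->sid`, while the failed scan in get_group_map_from_gid has already written the last enumerated record's SID into `map`; a `sid_copy(&map->sid, &sid);` after `sid_append_rid` looks intended. The smb_*_group helpers substitute `%g`/`%u` into a command line handed to smbrun, so unless pstring_sub filters shell metacharacters (not visible in this file) the group and user names should be validated before substitution.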


@ -638,6 +638,8 @@ extern int errno;
#include "profile.h"
#include "mapping.h"
#ifndef MAXCODEPAGELINES
#define MAXCODEPAGELINES 256
#endif

44
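--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -0,0 +1,44 @@
+/*
+* Unix SMB/Netbios implementation.
+* Version 1.9.
+* RPC Pipe client / server routines
+* Copyright (C) Andrew Tridgell 1992-2000,
+* Copyright (C) Jean François Micouleau 1998-2001.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+typedef struct _GROUP_MAP {
+gid_t gid;
+DOM_SID sid;
+enum SID_NAME_USE sid_name_use;
+fstring nt_name;
+fstring comment;
+uint32 privilege;
+} GROUP_MAP;
+typedef struct _PRIVS {
+uint32 se_priv;
+char *priv;
+char *description;
+} PRIVS;
+#define SE_PRIV_NONE 0x0000
+#define SE_PRIV_ADD_USERS 0x0001
+#define SE_PRIV_ADD_MACHINES 0x0002
+#define SE_PRIV_PRINT_OPERATOR 0x0004
+#define SE_PRIV_ALL 0xffff
+#define PRIV_ALL_INDEX 4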
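Review bot: `PRIV_ALL_INDEX` is hard-coded to 4 here while the table it indexes, `privs[]`, is defined in groupdb/mapping.c, so adding a privilege row without bumping the constant makes convert_priv_from_text stop short of the last entry and makes convert_priv_to_text print the wrong name for SE_PRIV_ALL. Consider deriving the bound from the array or ending the table with a sentinel row, and document the define, e.g. `/* index of the SE_PRIV_ALL row in privs[]; keep in sync with groupdb/mapping.c */`. The header also has no include guard and no `extern PRIVS privs[];` declaration for the table, and the tags `_GROUP_MAP` and `_PRIVS` use the underscore-plus-capital form that C reserves for the implementation.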

File diff suppressed because it is too large Load Diff


@ -163,6 +163,10 @@ typedef struct
char *szPanicAction;
char *szAddUserScript;
char *szDelUserScript;
char *szAddGroupScript;
char *szDelGroupScript;
char *szAddUserToGroupScript;
char *szDelUserToGroupScript;
char *szWINSHook;
#ifdef WITH_UTMP
char *szUtmpDir;
@ -891,6 +895,11 @@ static struct parm_struct parm_table[] = {
{"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0},
{"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0},
{"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0},
{"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0},
{"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0},
{"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserToGroupScript, NULL, NULL, 0},
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, FLAG_DOS_STRING},
{"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, FLAG_DOS_STRING},
{"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0},
@ -1464,6 +1473,12 @@ FN_GLOBAL_STRING(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserToGroupScript)
FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
FN_GLOBAL_STRING(lp_domain_groups, &Globals.szDomainGroups)
FN_GLOBAL_STRING(lp_domain_admin_group, &Globals.szDomainAdminGroup)
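Review bot: The new member `szDelUserToGroupScript` is named for the wrong direction: it backs the parameter `"delete user from group script"` and the accessor `lp_deluserfromgroup_script`, so the three names for one setting disagree across all three hunks of this file. Renaming the member to `szDelUserFromGroupScript` in the struct, the parm_table row and the FN_GLOBAL_STRING line would keep them aligned. Because these four strings are command templates that groupdb/mapping.c passes to smbrun, a short comment beside the struct members naming the substitutions they accept (`%g`, `%u`) would help anyone auditing the configuration. The struct and the table both continue outside the hunks shown.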


@ -5,7 +5,7 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
* Copyright (C) Marc Jacobsen 1999.
* Copyright (C) Marc Jacobsen 1999.
*
* Split into interface and implementation modules by,
*
@ -110,13 +110,17 @@ static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0))
if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n"));
return False;
}
r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u);
if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0))
if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n"));
return False;
}
return True;
}
@ -136,13 +140,17 @@ static BOOL api_samr_query_sec_obj(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!samr_io_q_query_sec_obj("", &q_u, data, 0))
if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n"));
return False;
}
r_u.status = _samr_query_sec_obj(p, &q_u, &r_u);
if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0))
if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n"));
return False;
}
return True;
}
@ -162,14 +170,18 @@ static BOOL api_samr_enum_dom_users(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open */
if(!samr_io_q_enum_dom_users("", &q_u, data, 0))
if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) {
DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n"));
return False;
}
r_u.status = _samr_enum_dom_users(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0))
if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n"));
return False;
}
return True;
}
@ -189,14 +201,18 @@ static BOOL api_samr_enum_dom_groups(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open */
if(!samr_io_q_enum_dom_groups("", &q_u, data, 0))
if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) {
DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n"));
return False;
}
r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0))
if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n"));
return False;
}
return True;
}
@ -216,14 +232,18 @@ static BOOL api_samr_enum_dom_aliases(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open */
if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0))
if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) {
DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n"));
return False;
}
r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0))
if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n"));
return False;
}
return True;
}
@ -242,14 +262,18 @@ static BOOL api_samr_query_dispinfo(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
if(!samr_io_q_query_dispinfo("", &q_u, data, 0))
if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n"));
return False;
}
r_u.status = _samr_query_dispinfo(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0))
if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n"));
return False;
}
return True;
}
@ -269,14 +293,18 @@ static BOOL api_samr_query_aliasinfo(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open */
if(!samr_io_q_query_aliasinfo("", &q_u, data, 0))
if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n"));
return False;
}
r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0))
if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n"));
return False;
}
return True;
}
@ -296,14 +324,18 @@ static BOOL api_samr_lookup_names(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr lookup names */
if(!samr_io_q_lookup_names("", &q_u, data, 0))
if(!samr_io_q_lookup_names("", &q_u, data, 0)) {
DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n"));
return False;
}
r_u.status = _samr_lookup_names(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_lookup_names("", &r_u, rdata, 0))
if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n"));
return False;
}
return True;
}
@ -354,14 +386,18 @@ static BOOL api_samr_lookup_rids(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr lookup names */
if(!samr_io_q_lookup_rids("", &q_u, data, 0))
if(!samr_io_q_lookup_rids("", &q_u, data, 0)) {
DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n"));
return False;
}
r_u.status = _samr_lookup_rids(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_lookup_rids("", &r_u, rdata, 0))
if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n"));
return False;
}
return True;
}
@ -381,16 +417,18 @@ static BOOL api_samr_open_user(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr unknown 22 */
if(!samr_io_q_open_user("", &q_u, data, 0))
if(!samr_io_q_open_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
return False;
}
r_u.status = _api_samr_open_user(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_open_user("", &r_u, rdata, 0))
if(!samr_io_r_open_user("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n"));
return False;
DEBUG(5,("samr_open_user: %d\n", __LINE__));
}
return True;
}
@ -410,14 +448,18 @@ static BOOL api_samr_query_userinfo(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr unknown 24 */
if(!samr_io_q_query_userinfo("", &q_u, data, 0))
if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
return False;
}
r_u.status = _samr_query_userinfo(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_query_userinfo("", &r_u, rdata, 0))
if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n"));
return False;
}
return True;
}
@ -437,13 +479,16 @@ static BOOL api_samr_query_usergroups(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr unknown 32 */
if(!samr_io_q_query_usergroups("", &q_u, data, 0))
if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
return False;
}
r_u.status = _samr_query_usergroups(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n"));
return False;
}
@ -465,16 +510,18 @@ static BOOL api_samr_query_dom_info(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr unknown 8 command */
if(!samr_io_q_query_dom_info("", &q_u, data, 0))
if(!samr_io_q_query_dom_info("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
return False;
}
r_u.status = _samr_query_dom_info(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_query_dom_info("", &r_u, rdata, 0))
if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_dom_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n"));
return False;
DEBUG(5,("api_samr_query_dom_info: %d\n", __LINE__));
}
return True;
}
@ -526,14 +573,18 @@ static BOOL api_samr_connect_anon(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open policy */
if(!samr_io_q_connect_anon("", &q_u, data, 0))
if(!samr_io_q_connect_anon("", &q_u, data, 0)) {
DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n"));
return False;
}
r_u.status = _samr_connect_anon(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_connect_anon("", &r_u, rdata, 0))
if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n"));
return False;
}
return True;
}
@ -553,14 +604,18 @@ static BOOL api_samr_connect(pipes_struct *p)
ZERO_STRUCT(r_u);
/* grab the samr open policy */
if(!samr_io_q_connect("", &q_u, data, 0))
if(!samr_io_q_connect("", &q_u, data, 0)) {
DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n"));
return False;
}
r_u.status = _samr_connect(p, &q_u, &r_u);
/* store the response in the SMB stream */
if(!samr_io_r_connect("", &r_u, rdata, 0))
if(!samr_io_r_connect("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n"));
return False;
}
return True;
}
@ -759,12 +814,14 @@ static BOOL api_samr_query_aliasmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n"));
return False;
}
r_u.status = _samr_query_aliasmem(p, &q_u, &r_u);
if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n"));
return False;
}
@ -787,12 +844,14 @@ static BOOL api_samr_query_groupmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_query_groupmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n"));
return False;
}
r_u.status = _samr_query_groupmem(p, &q_u, &r_u);
if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n"));
return False;
}
@ -815,12 +874,14 @@ static BOOL api_samr_add_aliasmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n"));
return False;
}
r_u.status = _samr_add_aliasmem(p, &q_u, &r_u);
if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n"));
return False;
}
@ -843,12 +904,14 @@ static BOOL api_samr_del_aliasmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n"));
return False;
}
r_u.status = _samr_del_aliasmem(p, &q_u, &r_u);
if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n"));
return False;
}
@ -871,12 +934,14 @@ static BOOL api_samr_add_groupmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_add_groupmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n"));
return False;
}
r_u.status = _samr_add_groupmem(p, &q_u, &r_u);
if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n"));
return False;
}
@ -899,12 +964,14 @@ static BOOL api_samr_del_groupmem(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_del_groupmem("", &q_u, data, 0)) {
DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n"));
return False;
}
r_u.status = _samr_del_groupmem(p, &q_u, &r_u);
if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n"));
return False;
}
@ -927,12 +994,14 @@ static BOOL api_samr_delete_dom_user(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) {
DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n"));
return False;
}
r_u.status = _samr_delete_dom_user(p, &q_u, &r_u);
if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n"));
return False;
}
@ -955,12 +1024,14 @@ static BOOL api_samr_delete_dom_group(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) {
DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n"));
return False;
}
r_u.status = _samr_delete_dom_group(p, &q_u, &r_u);
if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n"));
return False;
}
@ -983,12 +1054,14 @@ static BOOL api_samr_delete_dom_alias(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) {
DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n"));
return False;
}
r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u);
if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n"));
return False;
}
@ -1011,12 +1084,14 @@ static BOOL api_samr_create_dom_group(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_create_dom_group("", &q_u, data, 0)) {
DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n"));
return False;
}
r_u.status = _samr_create_dom_group(p, &q_u, &r_u);
if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n"));
return False;
}
@ -1039,12 +1114,14 @@ static BOOL api_samr_create_dom_alias(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) {
DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n"));
return False;
}
r_u.status = _samr_create_dom_alias(p, &q_u, &r_u);
if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n"));
return False;
}
@ -1067,12 +1144,14 @@ static BOOL api_samr_query_groupinfo(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n"));
return False;
}
r_u.status = _samr_query_groupinfo(p, &q_u, &r_u);
if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n"));
return False;
}
@ -1095,12 +1174,14 @@ static BOOL api_samr_set_groupinfo(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n"));
return False;
}
r_u.status = _samr_set_groupinfo(p, &q_u, &r_u);
if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n"));
return False;
}
@ -1123,12 +1204,14 @@ static BOOL api_samr_get_dom_pwinfo(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) {
DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n"));
return False;
}
r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u);
if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n"));
return False;
}
@ -1151,12 +1234,14 @@ static BOOL api_samr_open_group(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_open_group("", &q_u, data, 0)) {
DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n"));
return False;
}
r_u.status = _samr_open_group(p, &q_u, &r_u);
if (!samr_io_r_open_group("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n"));
return False;
}
@ -1179,12 +1264,14 @@ static BOOL api_samr_unknown_2d(pipes_struct *p)
ZERO_STRUCT(r_u);
if (!samr_io_q_unknown_2d("", &q_u, data, 0)) {
DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n"));
return False;
}
r_u.status = _samr_unknown_2d(p, &q_u, &r_u);
if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) {
DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n"));
return False;
}


@ -5,7 +5,7 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
* Copyright (C) Marc Jacobsen 1999.
* Copyright (C) Marc Jacobsen 1999.
* Copyright (C) Jeremy Allison 2001.
*
* This program is free software; you can redistribute it and/or modify
@ -34,6 +34,7 @@ extern int DEBUGLEVEL;
extern fstring global_myworkgroup;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
extern DOM_SID global_sid_Builtin;
extern rid_name domain_group_rids[];
extern rid_name domain_alias_rids[];
@ -546,7 +547,6 @@ uint32 _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, S
static uint32 samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID *usr_sid)
{
extern DOM_SID global_sid_Builtin;
extern DOM_SID global_sid_World;
DOM_SID adm_sid;
DOM_SID act_sid;
@ -1251,8 +1251,8 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam
UNIHDR **pp_hdr_name, UNISTR2 **pp_uni_name)
{
uint32 i;
UNIHDR *hdr_name;
UNISTR2 *uni_name;
UNIHDR *hdr_name=NULL;
UNISTR2 *uni_name=NULL;
*pp_uni_name = NULL;
*pp_hdr_name = NULL;
@ -2306,8 +2306,22 @@ uint32 _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SE
uint32 _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
{
DEBUG(0,("_samr_query_useraliases: Not yet implemented.\n"));
return False;
uint32 *rid=NULL;
int num_rids;
num_rids = 1;
rid=(uint32 *)talloc(p->mem_ctx, num_rids*sizeof(uint32));
if (rid==NULL)
return NT_STATUS_NO_MEMORY;
/* until i see a real useraliases query, we fack one up */
rid[0] = BUILTIN_ALIAS_RID_USERS;
init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_NO_PROBLEMO);
return NT_STATUS_NO_PROBLEMO;
}
/*********************************************************************
@ -2316,8 +2330,61 @@ uint32 _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, S
uint32 _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u)
{
DEBUG(0,("_samr_query_aliasmem: Not yet implemented.\n"));
return False;
int i;
GROUP_MAP map;
int num_uids = 0;
DOM_SID2 *sid;
uid_t *uid=NULL;
DOM_SID alias_sid;
DOM_SID als_sid;
uint32 alias_rid;
fstring alias_sid_str;
DOM_SID temp_sid;
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid))
return NT_STATUS_INVALID_HANDLE;
sid_copy(&als_sid, &alias_sid);
sid_to_string(alias_sid_str, &alias_sid);
sid_split_rid(&alias_sid, &alias_rid);
DEBUG(10, ("sid is %s\n", alias_sid_str));
if (sid_equal(&alias_sid, &global_sid_Builtin)) {
DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
if(!get_builtin_group_from_sid(als_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_equal(&alias_sid, &global_sam_sid)) {
DEBUG(10, ("lookup on Server SID\n"));
if(!get_local_group_from_sid(als_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
}
}
if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
return NT_STATUS_NO_SUCH_ALIAS;
DEBUG(10, ("sid is %s\n", alias_sid_str));
sid = (DOM_SID2 *)talloc(p->mem_ctx, sizeof(DOM_SID2) * num_uids);
if (sid == NULL)
return NT_STATUS_NO_SUCH_ALIAS;
for (i = 0; i < num_uids; i++) {
sid_copy(&temp_sid, &global_sam_sid);
sid_append_rid(&temp_sid, pdb_uid_to_user_rid(uid[i]));
init_dom_sid2(&sid[i], &temp_sid);
}
DEBUG(10, ("sid is %s\n", alias_sid_str));
init_samr_r_query_aliasmem(r_u, num_uids, sid, NT_STATUS_NO_PROBLEMO);
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
@ -2326,8 +2393,56 @@ uint32 _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_
uint32 _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
{
DEBUG(0,("_samr_query_groupmem: Not yet implemented.\n"));
return False;
int num_uids = 0;
int i;
DOM_SID group_sid;
uint32 group_rid;
fstring group_sid_str;
uid_t *uid=NULL;
GROUP_MAP map;
uint32 *rid=NULL;
uint32 *attr=NULL;
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid))
return NT_STATUS_INVALID_HANDLE;
/* todo: change to use sid_compare_front */
sid_split_rid(&group_sid, &group_rid);
sid_to_string(group_sid_str, &group_sid);
DEBUG(10, ("sid is %s\n", group_sid_str));
/* can we get a query for an SID outside our domain ? */
if (!sid_equal(&group_sid, &global_sam_sid))
return NT_STATUS_NO_SUCH_GROUP;
sid_append_rid(&group_sid, group_rid);
DEBUG(10, ("lookup on Domain SID\n"));
if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
return NT_STATUS_NO_SUCH_GROUP;
rid=talloc(p->mem_ctx, sizeof(uint32)*num_uids);
attr=talloc(p->mem_ctx, sizeof(uint32)*num_uids);
if (rid==NULL || attr==NULL)
return NT_STATUS_NO_MEMORY;
for (i=0; i<num_uids; i++) {
rid[i]=pdb_uid_to_user_rid(uid[i]);
attr[i] = SID_NAME_USER;
}
init_samr_r_query_groupmem(r_u, num_uids, rid, attr, NT_STATUS_NOPROBLEMO);
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
@ -2336,8 +2451,64 @@ uint32 _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_
uint32 _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
{
DEBUG(0,("_samr_add_aliasmem: Not yet implemented.\n"));
return False;
DOM_SID alias_sid;
fstring alias_sid_str;
uid_t uid;
struct passwd *pwd;
struct group *grp;
fstring grp_name;
uint32 rid;
GROUP_MAP map;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid))
return NT_STATUS_INVALID_HANDLE;
sid_to_string(alias_sid_str, &alias_sid);
DEBUG(10, ("sid is %s\n", alias_sid_str));
if (sid_compare(&alias_sid, &global_sam_sid)>0) {
DEBUG(10, ("adding member on Server SID\n"));
if(!get_local_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
DEBUG(10, ("adding member on BUILTIN SID\n"));
if( !get_builtin_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else
return NT_STATUS_NO_SUCH_ALIAS;
}
sid_split_rid(&q_u->sid.sid, &rid);
uid=pdb_user_rid_to_uid(rid);
if ((pwd=getpwuid(uid)) == NULL)
return NT_STATUS_NO_SUCH_USER;
if ((grp=getgrgid(map.gid)) == NULL)
return NT_STATUS_NO_SUCH_ALIAS;
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
if(user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_IN_ALIAS;
/*
* ok, the group exist, the user exist, the user is not in the group,
* we can (finally) add it to the group !
*/
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
if(!user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
@ -2356,8 +2527,54 @@ uint32 _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_
uint32 _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u)
{
DEBUG(0,("_samr_add_groupmem: Not yet implemented.\n"));
return False;
DOM_SID group_sid;
fstring group_sid_str;
struct passwd *pwd;
struct group *grp;
fstring grp_name;
GROUP_MAP map;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid))
return NT_STATUS_INVALID_HANDLE;
sid_to_string(group_sid_str, &group_sid);
DEBUG(10, ("sid is %s\n", group_sid_str));
if (sid_compare(&group_sid, &global_sam_sid)<=0)
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10, ("lookup on Domain SID\n"));
if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
if ((pwd=getpwuid(pdb_user_rid_to_uid(q_u->rid))) ==NULL)
return NT_STATUS_NO_SUCH_USER;
if ((grp=getgrgid(map.gid)) == NULL)
return NT_STATUS_NO_SUCH_GROUP;
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
if(user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_IN_GROUP;
/*
* ok, the group exist, the user exist, the user is not in the group,
*
* we can (finally) add it to the group !
*/
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
if(!user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
@ -2406,8 +2623,55 @@ uint32 _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAM
uint32 _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u)
{
DEBUG(0,("_samr_create_dom_group: Not yet implemented.\n"));
return False;
DOM_SID dom_sid;
DOM_SID info_sid;
fstring name;
fstring sid_string;
struct group *grp;
struct samr_info *info;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
if (!sid_equal(&dom_sid, &global_sam_sid))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
/* check if group already exist */
if ((grp=getgrnam(name)) != NULL)
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
smb_create_group(name);
/* check if the group has been successfully created */
if ((grp=getgrnam(name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
/* add the group to the mapping table */
if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, SE_PRIV_NONE))
return NT_STATUS_ACCESS_DENIED;
if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
sid_copy(&info_sid, &global_sam_sid);
sid_append_rid(&info->sid, r_u->rid);
sid_to_string(sid_string, &info->sid);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
@ -2416,28 +2680,137 @@ uint32 _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAM
uint32 _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u)
{
DEBUG(0,("_samr_create_dom_alias: Not yet implemented.\n"));
return False;
DOM_SID dom_sid;
fstring name;
fstring sid_string;
struct group *grp;
struct samr_info *info;
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid))
return NT_STATUS_INVALID_HANDLE;
if (!sid_equal(&dom_sid, &global_sam_sid))
return NT_STATUS_ACCESS_DENIED;
/* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
/* check if group already exists */
if ( (grp=getgrnam(name)) != NULL)
return NT_STATUS_GROUP_EXISTS;
/* we can create the UNIX group */
smb_create_group(name);
/* check if the group has been successfully created */
if ((grp=getgrnam(name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
/* add the group to the mapping table */
if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, NULL, NULL, SE_PRIV_NONE))
return NT_STATUS_ACCESS_DENIED;
if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
sid_copy(&info->sid, &global_sam_sid);
sid_append_rid(&info->sid, r_u->rid);
sid_to_string(sid_string, &info->sid);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_NOPROBLEMO;
}
/*********************************************************************
_samr_query_groupinfo
sends the name/comment pair of a domain group
level 1 send also the number of users of that group
*********************************************************************/
uint32 _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
{
DEBUG(0,("_samr_query_groupinfo: Not yet implemented.\n"));
return False;
DOM_SID group_sid;
GROUP_MAP map;
uid_t *uid;
int num_uids=0;
GROUP_INFO_CTR *ctr;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid))
return NT_STATUS_INVALID_HANDLE;
if (!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_INVALID_HANDLE;
ctr=(GROUP_INFO_CTR *)talloc(p->mem_ctx, sizeof(GROUP_INFO_CTR));
if (ctr==NULL)
return NT_STATUS_NO_MEMORY;
switch (q_u->switch_level) {
case 1:
ctr->switch_value1 = 1;
if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
return NT_STATUS_NO_SUCH_GROUP;
init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_uids);
safe_free(uid);
break;
case 4:
ctr->switch_value1 = 4;
init_samr_group_info4(&ctr->group.info4, map.comment);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_NO_PROBLEMO);
return NT_STATUS_NO_PROBLEMO;
}
/*********************************************************************
_samr_set_groupinfo
update a domain group's comment.
*********************************************************************/
uint32 _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
{
DEBUG(0,("_samr_set_groupinfo: Not yet implemented.\n"));
return False;
DOM_SID group_sid;
GROUP_MAP map;
GROUP_INFO_CTR *ctr;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid))
return NT_STATUS_INVALID_HANDLE;
if (!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
ctr=q_u->ctr;
switch (ctr->switch_value1) {
case 1:
unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1);
break;
case 4:
unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
if(!add_mapping_entry(&map, TDB_REPLACE))
return NT_STATUS_NO_SUCH_GROUP;
return NT_STATUS_NO_PROBLEMO;
}
/*********************************************************************
@ -2456,8 +2829,38 @@ uint32 _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_
uint32 _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u)
{
DEBUG(0,("_samr_open_group: Not yet implemented.\n"));
return False;
DOM_SID sid;
GROUP_MAP map;
struct samr_info *info;
fstring sid_string;
if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid))
return NT_STATUS_INVALID_HANDLE;
/* this should not be hard-coded like this */
if (!sid_equal(&sid, &global_sam_sid))
return NT_STATUS_ACCESS_DENIED;
if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
sid_copy(&info->sid, &global_sam_sid);
sid_append_rid(&info->sid, q_u->rid_group);
sid_to_string(sid_string, &info->sid);
DEBUG(10, ("Opening SID: %s\n", sid_string));
/* check if that group really exists */
if (!get_domain_group_from_sid(info->sid, &map))
return NT_STATUS_NO_SUCH_USER;
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_NO_PROBLEMO;
}
/*********************************************************************
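Review bot: In `_samr_create_dom_group`, `sid_string` is passed to `add_initial_entry()` before anything has written to it (`sid_to_string()` runs only after the malloc), so the mapping table records uninitialised stack contents as the new group's SID; `_samr_create_dom_alias` has the same ordering. The handle SID is wrong as well, because `sid_copy()` fills the local `info_sid` while `sid_append_rid()` appends to the zeroed `info->sid`. Build the SID once in `info_sid` before the mapping call and copy it into `info->sid` afterwards, as sketched below. Separately, the TODO is the only access control in both functions, so any caller holding a domain handle reaches `smb_create_group()` with a client-supplied name; that check should land before this code is reachable.

```c
	r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);

	/* build the group SID before it is recorded in the mapping table */
	sid_copy(&info_sid, &global_sam_sid);
	sid_append_rid(&info_sid, r_u->rid);
	sid_to_string(sid_string, &info_sid);

	/* ... unchanged: add_initial_entry call, malloc and ZERO_STRUCTP of info ... */

	/* the handle carries the same SID that went into the mapping table */
	sid_copy(&info->sid, &info_sid);

	/* ... unchanged: create_policy_hnd call and return ... */
```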


@ -772,6 +772,11 @@ static void usage(char *pname)
/* possibly reload the services file. */
reload_services(True);
if (init_group_mapping()==False) {
printf("Could not open tdb mapping file.\n");
return 0;
}
if(!pdb_generate_sam_sid()) {
DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
exit(1);
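Review bot: When `init_group_mapping()` fails, the added block writes to stdout with `printf` and then does `return 0;`, so the daemon stops with a success exit status and nothing in the log. The `pdb_generate_sam_sid()` check right below it uses `DEBUG(0, ...)` and `exit(1)`, and the new check should match it, e.g. `DEBUG(0,("ERROR: could not open the group mapping tdb.\n")); exit(1);`. The enclosing function starts and ends outside this hunk, so whether any cleanup is expected before exiting cannot be seen here.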


@ -0,0 +1,341 @@
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-2000,
* Copyright (C) Jean François Micouleau 1998-2001.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern pstring global_myname;
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
/*
* Next two lines needed for SunOS and don't
* hurt anything else...
*/
extern char *optarg;
extern int optind;
/*********************************************************
Print command usage on stderr and die.
**********************************************************/
static void usage(void)
{
if (getuid() == 0) {
printf("groupedit options\n");
} else {
printf("You need to be root to use this tool!\n");
}
printf("options:\n");
printf(" -a group create new group\n");
printf(" -n group NT group name\n");
printf(" -p privilege only local\n");
printf(" -v list groups\n");
printf(" -c SID change group\n");
printf(" -x group delete this group\n");
printf("\n");
printf(" -t[b|d|l] type: builtin, domain, local \n");
exit(1);
}
/*********************************************************
add a group.
**********************************************************/
int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege)
{
uint32 se_priv;
gid_t gid;
DOM_SID sid;
fstring string_sid;
fstring name, comment;
/* convert_priv_from_text(&se_priv, privilege);*/
se_priv=0xff;
gid=nametogid(group);
if (gid==-1)
return -1;
local_gid_to_sid(&sid, gid);
sid_to_string(string_sid, &sid);
if (ntgroup==NULL)
fstrcpy(name, group);
else
fstrcpy(name, ntgroup);
if (ntcomment==NULL)
fstrcpy(comment, "Local Unix group");
else
fstrcpy(comment, ntcomment);
if(add_initial_entry(gid, string_sid, sid_type, group, comment, se_priv))
return 0;
}
/*********************************************************
Change a group.
**********************************************************/
int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *groupdesc, char *privilege)
{
DOM_SID sid;
GROUP_MAP map;
gid_t gid;
uint32 se_priv;
string_to_sid(&sid, sid_string);
/* Get the current mapping from the database */
if(!get_group_map_from_sid(sid, &map)) {
printf("This SID does not exist in the database\n");
return -1;
}
/* If a new Unix group is specified, check and change */
if (group!=NULL) {
gid=nametogid(group);
if (gid==-1) {
printf("The UNIX group does not exist\n");
return -1;
} else
map.gid=gid;
}
/*
* Allow changing of group type only between domain and local
* We disallow changing Builtin groups !!! (SID problem)
*/
if (sid_type==SID_NAME_ALIAS || sid_type==SID_NAME_DOM_GRP)
if (map.sid_name_use==SID_NAME_ALIAS || map.sid_name_use==SID_NAME_DOM_GRP)
map.sid_name_use=sid_type;
/* Change comment if new one */
if (groupdesc!=NULL)
fstrcpy(map.comment, groupdesc);
/* Change the privilege if new one */
if (privilege!=NULL) {
convert_priv_from_text(&se_priv, privilege);
map.privilege=se_priv;
}
if (!add_mapping_entry(&map, TDB_REPLACE)) {
printf("Count not update group database\n");
return -1;
}
}
/*********************************************************
List the groups.
**********************************************************/
int deletegroup(char *group)
{
uint32 se_priv;
/* convert_priv(&se_priv, privilege);*/
/* if(add_initial_entry(gid, sid, type, ntgroup, "", se_priv))
return 0;
*/
}
/*********************************************************
List the groups.
**********************************************************/
int listgroup(enum SID_NAME_USE sid_type)
{
int entries,i;
GROUP_MAP *map=NULL;
fstring string_sid;
fstring group_type;
fstring priv_text;
printf("Unix\tSID\ttype\tnt name\tnt comment\tprivilege\n");
if (enum_group_mapping(sid_type, &map, &entries)==False)
return 0;
for (i=0; i<entries; i++) {
decode_sid_name_use(group_type, (map[i]).sid_name_use);
sid_to_string(string_sid, &map[i].sid);
convert_priv_to_text(map[i].privilege, priv_text);
printf("%s\t%s\t%s\n\t%s\t%s\t%s\n\n", gidtoname(map[i].gid), map[i].nt_name, string_sid,
group_type, map[i].comment, priv_text);
}
}
/*********************************************************
Start here.
**********************************************************/
int main (int argc, char **argv)
{
int ch;
static pstring servicesf = CONFIGFILE;
BOOL add_group = False;
BOOL view_group = False;
BOOL change_group = False;
BOOL delete_group = False;
BOOL nt_group = False;
BOOL priv = False;
BOOL group_type = False;
char *group = NULL;
char *sid = NULL;
char *ntgroup = NULL;
char *privilege = NULL;
char *groupt = NULL;
char *group_desc = NULL;
enum SID_NAME_USE sid_type;
TimeInit();
setup_logging("groupedit", True);
charset_initialise();
if (argc < 2) {
usage();
return 0;
}
if(!initialize_password_db(True)) {
fprintf(stderr, "Can't setup password database vectors.\n");
exit(1);
}
if (!lp_load(servicesf,True,False,False)) {
fprintf(stderr, "Can't load %s - run testparm to debug it\n",
servicesf);
exit(1);
}
while ((ch = getopt(argc, argv, "a:c:d:n:p:t:u:vx:")) != EOF) {
switch(ch) {
case 'a':
add_group = True;
group=optarg;
break;
case 'c':
change_group = True;
sid=optarg;
break;
case 'd':
group_desc=optarg;
break;
case 'n':
nt_group = True;
ntgroup=optarg;
break;
case 'p':
priv = True;
privilege=optarg;
break;
case 't':
group_type = True;
groupt=optarg;
break;
case 'u':
group=optarg;
break;
case 'v':
view_group = True;
break;
case 'x':
delete_group = True;
group=optarg;
break;
/*default:
usage();*/
}
}
if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) {
fprintf (stderr, "Incompatible options on command line!\n");
usage();
exit(1);
}
/* no option on command line -> list groups */
if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0)
view_group = True;
if (group_type==False)
sid_type=SID_NAME_UNKNOWN;
else {
switch (groupt[0]) {
case 'l':
case 'L':
sid_type=SID_NAME_ALIAS;
break;
case 'd':
case 'D':
sid_type=SID_NAME_DOM_GRP;
break;
case 'b':
case 'B':
sid_type=SID_NAME_WKN_GRP;
break;
default:
sid_type=SID_NAME_UNKNOWN;
break;
}
}
if (init_group_mapping()==False) {
printf("Could not open tdb mapping file.\n");
return 0;
}
if(pdb_generate_sam_sid()==False) {
printf("Can not read machine SID\n");
return 0;
}
default_group_mapping();
if (add_group)
return addgroup(group, sid_type, ntgroup, group_desc, privilege);
if (view_group)
return listgroup(sid_type);
if (delete_group)
return deletegroup(group);
if (change_group) {
return changegroup(sid, group, sid_type, group_desc, privilege);
}
usage();
return 0;
}
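Review bot: `addgroup` stores every new mapping with `se_priv=0xff` and never reads its `privilege` argument, so `-p` is silently ignored and each entry gets a fixed privilege mask that nobody requested. Starting from `se_priv = SE_PRIV_NONE;` and calling `convert_priv_from_text(&se_priv, privilege);` only when `privilege != NULL`, as `changegroup` already does, would make the stored value match what was asked for. The same function copies `ntgroup` into `name` but then passes `group` to `add_initial_entry()`, so `-n` has no effect either; passing `name` looks like the intent. `addgroup` (on its failure path), `changegroup`, `deletegroup` and `listgroup` all reach the closing brace without a `return`, and `main` hands their value back as the exit status, so each needs an explicit `return 0;` or `return -1;`.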