diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index 225dd25a5e7..9b7669d64f6 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -464,43 +464,6 @@ bool pipe_access_check(struct pipes_struct *p) return True; } -void *_policy_handle_create(struct pipes_struct *p, - struct policy_handle *hnd, - uint8_t handle_type, - size_t data_size, - const char *type, - NTSTATUS *pstatus) -{ - struct dcesrv_handle_old *rpc_hnd = NULL; - void *data; - - if (p->pipe_handles->count > MAX_OPEN_POLS) { - DEBUG(0, ("ERROR: Too many handles (%d) for RPC connection %s\n", - (int) p->pipe_handles->count, - ndr_interface_name(&p->contexts->syntax.uuid, - p->contexts->syntax.if_version))); - - *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; - return NULL; - } - - data = talloc_size(talloc_tos(), data_size); - if (data == NULL) { - *pstatus = NT_STATUS_NO_MEMORY; - return NULL; - } - talloc_set_name_const(data, type); - - rpc_hnd = create_rpc_handle_internal(p, hnd, handle_type, data); - if (rpc_hnd == NULL) { - TALLOC_FREE(data); - *pstatus = NT_STATUS_NO_MEMORY; - return NULL; - } - *pstatus = NT_STATUS_OK; - return data; -} - void *_policy_handle_find(struct pipes_struct *p, const struct policy_handle *hnd, uint8_t handle_type, diff --git a/source3/rpc_server/rpc_pipes.h b/source3/rpc_server/rpc_pipes.h index 478af4b3113..90cd0655f55 100644 --- a/source3/rpc_server/rpc_pipes.h +++ b/source3/rpc_server/rpc_pipes.h @@ -133,16 +133,6 @@ bool close_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd); void close_policy_by_pipe(struct pipes_struct *p); bool pipe_access_check(struct pipes_struct *p); -void *_policy_handle_create(struct pipes_struct *p, - struct policy_handle *hnd, - uint8_t handle_type, - size_t data_size, - const char *type, - NTSTATUS *pstatus); -#define policy_handle_create(_p, _hnd, _hnd_type, _type, _pstatus) \ - (_type *)_policy_handle_create((_p), (_hnd), (_hnd_type), sizeof(_type), #_type, \ - (_pstatus)) - void *_policy_handle_find(struct pipes_struct *p, const struct policy_handle *hnd, uint8_t handle_type, diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c index 208a5b13c9f..b01750501d6 100644 --- a/source3/rpc_server/samr/srv_samr_nt.c +++ b/source3/rpc_server/samr/srv_samr_nt.c @@ -74,29 +74,10 @@ enum samr_handle { SAMR_HANDLE_ALIAS }; -struct samr_connect_info { +struct samr_info { uint32_t access_granted; -}; - -struct samr_domain_info { struct dom_sid sid; struct disp_info *disp_info; - uint32_t access_granted; -}; - -struct samr_user_info { - struct dom_sid sid; - uint32_t access_granted; -}; - -struct samr_group_info { - struct dom_sid sid; - uint32_t access_granted; -}; - -struct samr_alias_info { - struct dom_sid sid; - uint32_t access_granted; }; typedef struct disp_info { @@ -146,6 +127,44 @@ static const struct generic_mapping ali_generic_mapping = { /******************************************************************* *******************************************************************/ +static NTSTATUS create_samr_policy_handle(TALLOC_CTX *mem_ctx, + struct pipes_struct *p, + enum samr_handle type, + uint32_t acc_granted, + struct dom_sid *sid, + struct disp_info *disp_info, + struct policy_handle *handle) +{ + struct samr_info *info = NULL; + bool ok; + + ZERO_STRUCTP(handle); + + info = talloc_zero(mem_ctx, struct samr_info); + if (info == NULL) { + return NT_STATUS_NO_MEMORY; + } + + info->access_granted = acc_granted; + + if (sid != NULL) { + sid_copy(&info->sid, sid); + } + + if (disp_info != NULL) { + info->disp_info = disp_info; + } + + ok = create_policy_hnd(p, handle, type, info); + if (!ok) { + talloc_free(info); + ZERO_STRUCTP(handle); + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + static NTSTATUS samr_handle_access_check(uint32_t access_granted, uint32_t access_required, uint32_t *paccess_granted) @@ -480,20 +499,20 @@ NTSTATUS _samr_Close(struct pipes_struct *p, struct samr_Close *r) NTSTATUS _samr_OpenDomain(struct pipes_struct *p, struct samr_OpenDomain *r) { - struct samr_domain_info *dinfo; - struct samr_connect_info *cinfo = NULL; + struct samr_info *cinfo = NULL; struct security_descriptor *psd = NULL; uint32_t acc_granted; uint32_t des_access = r->in.access_mask; NTSTATUS status; size_t sd_size; uint32_t extra_access = SAMR_DOMAIN_ACCESS_CREATE_USER; + struct disp_info *disp_info = NULL; /* find the connection policy handle. */ cinfo = policy_handle_find(p, r->in.connect_handle, SAMR_HANDLE_CONNECT, - struct samr_connect_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -541,17 +560,18 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, return NT_STATUS_NO_SUCH_DOMAIN; } - dinfo = policy_handle_create(p, - r->out.domain_handle, - SAMR_HANDLE_DOMAIN, - struct samr_domain_info, - &status); + disp_info = get_samr_dispinfo_by_sid(r->in.sid); + + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_DOMAIN, + acc_granted, + r->in.sid, + disp_info, + r->out.domain_handle); if (!NT_STATUS_IS_OK(status)) { return status; } - dinfo->sid = *r->in.sid; - dinfo->disp_info = get_samr_dispinfo_by_sid(r->in.sid); - dinfo->access_granted = acc_granted; DEBUG(5,("_samr_OpenDomain: %d\n", __LINE__)); @@ -567,7 +587,7 @@ NTSTATUS _samr_GetUserPwInfo(struct pipes_struct *p, { const struct loadparm_substitution *lp_sub = loadparm_s3_global_substitution(); - struct samr_user_info *uinfo; + struct samr_info *uinfo; enum lsa_SidType sid_type; uint32_t min_password_length = 0; uint32_t password_properties = 0; @@ -578,7 +598,7 @@ NTSTATUS _samr_GetUserPwInfo(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.user_handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -635,7 +655,7 @@ NTSTATUS _samr_GetUserPwInfo(struct pipes_struct *p, NTSTATUS _samr_SetSecurity(struct pipes_struct *p, struct samr_SetSecurity *r) { - struct samr_user_info *uinfo; + struct samr_info *uinfo; uint32_t i; struct security_acl *dacl; bool ret; @@ -644,7 +664,7 @@ NTSTATUS _samr_SetSecurity(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -742,22 +762,18 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, struct dom_sid *user_sid NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, struct samr_QuerySecurity *r) { - struct samr_domain_info *dinfo; - struct samr_user_info *uinfo; - struct samr_group_info *ginfo; - struct samr_alias_info *ainfo; + struct samr_info *info; NTSTATUS status; struct security_descriptor * psd = NULL; size_t sd_size = 0; struct dom_sid_buf buf; - struct samr_connect_info *cinfo = NULL; NTSTATUS acc_status; - cinfo = policy_handle_find(p, r->in.handle, - SAMR_HANDLE_CONNECT, - struct samr_connect_info, &status); - if (cinfo != NULL) { - acc_status = samr_handle_access_check(cinfo->access_granted, + info = policy_handle_find(p, r->in.handle, + SAMR_HANDLE_CONNECT, + struct samr_info, &status); + if (info != NULL) { + acc_status = samr_handle_access_check(info->access_granted, SEC_STD_READ_CONTROL, NULL); } else { @@ -770,11 +786,11 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, goto done; } - dinfo = policy_handle_find(p, r->in.handle, - SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); - if (dinfo != NULL) { - acc_status = samr_handle_access_check(dinfo->access_granted, + info = policy_handle_find(p, r->in.handle, + SAMR_HANDLE_DOMAIN, + struct samr_info, &status); + if (info != NULL) { + acc_status = samr_handle_access_check(info->access_granted, SEC_STD_READ_CONTROL, NULL); } else { @@ -783,7 +799,7 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) { DEBUG(5,("_samr_QuerySecurity: querying security on Domain " "with SID: %s\n", - dom_sid_str_buf(&dinfo->sid, &buf))); + dom_sid_str_buf(&info->sid, &buf))); /* * TODO: Builtin probably needs a different SD with restricted * write access @@ -793,11 +809,11 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, goto done; } - uinfo = policy_handle_find(p, r->in.handle, + info = policy_handle_find(p, r->in.handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); - if (uinfo != NULL) { - acc_status = samr_handle_access_check(uinfo->access_granted, + struct samr_info, &status); + if (info != NULL) { + acc_status = samr_handle_access_check(info->access_granted, SEC_STD_READ_CONTROL, NULL); } else { @@ -806,26 +822,26 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(acc_status)) { DEBUG(10,("_samr_QuerySecurity: querying security on user " "Object with SID: %s\n", - dom_sid_str_buf(&uinfo->sid, &buf))); - if (check_change_pw_access(p->mem_ctx, &uinfo->sid)) { + dom_sid_str_buf(&info->sid, &buf))); + if (check_change_pw_access(p->mem_ctx, &info->sid)) { status = make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, - &uinfo->sid, SAMR_USR_RIGHTS_WRITE_PW); + &info->sid, SAMR_USR_RIGHTS_WRITE_PW); } else { status = make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping, - &uinfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); + &info->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); } goto done; } - ginfo = policy_handle_find(p, r->in.handle, + info = policy_handle_find(p, r->in.handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); - if (ginfo != NULL) { - acc_status = samr_handle_access_check(ginfo->access_granted, + struct samr_info, &status); + if (info != NULL) { + acc_status = samr_handle_access_check(info->access_granted, SEC_STD_READ_CONTROL, NULL); } else { @@ -838,19 +854,19 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, */ DEBUG(10,("_samr_QuerySecurity: querying security on group " "Object with SID: %s\n", - dom_sid_str_buf(&ginfo->sid, &buf))); + dom_sid_str_buf(&info->sid, &buf))); status = make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping, - &ginfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); + &info->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); goto done; } - ainfo = policy_handle_find(p, r->in.handle, + info = policy_handle_find(p, r->in.handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); - if (ainfo != NULL) { - acc_status = samr_handle_access_check(ainfo->access_granted, + struct samr_info, &status); + if (info != NULL) { + acc_status = samr_handle_access_check(info->access_granted, SEC_STD_READ_CONTROL, NULL); } else { @@ -864,11 +880,11 @@ NTSTATUS _samr_QuerySecurity(struct pipes_struct *p, */ DEBUG(10,("_samr_QuerySecurity: querying security on alias " "Object with SID: %s\n", - dom_sid_str_buf(&ainfo->sid, &buf))); + dom_sid_str_buf(&info->sid, &buf))); status = make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping, - &ainfo->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); + &info->sid, SAMR_USR_RIGHTS_CANT_WRITE_PW); goto done; } @@ -938,7 +954,7 @@ NTSTATUS _samr_EnumDomainUsers(struct pipes_struct *p, struct samr_EnumDomainUsers *r) { NTSTATUS status; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; int num_account; uint32_t enum_context = *r->in.resume_handle; enum remote_arch_types ra_type = get_remote_arch(); @@ -952,7 +968,7 @@ NTSTATUS _samr_EnumDomainUsers(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1084,7 +1100,7 @@ NTSTATUS _samr_EnumDomainGroups(struct pipes_struct *p, struct samr_EnumDomainGroups *r) { NTSTATUS status; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; struct samr_displayentry *groups; uint32_t num_groups; struct samr_SamArray *samr_array = NULL; @@ -1092,7 +1108,7 @@ NTSTATUS _samr_EnumDomainGroups(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1168,7 +1184,7 @@ NTSTATUS _samr_EnumDomainAliases(struct pipes_struct *p, struct samr_EnumDomainAliases *r) { NTSTATUS status; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; struct samr_displayentry *aliases; uint32_t num_aliases = 0; struct samr_SamArray *samr_array = NULL; @@ -1177,7 +1193,7 @@ NTSTATUS _samr_EnumDomainAliases(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1443,7 +1459,7 @@ NTSTATUS _samr_QueryDisplayInfo(struct pipes_struct *p, struct samr_QueryDisplayInfo *r) { NTSTATUS status; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; uint32_t struct_size=0x20; /* W2K always reply that, client doesn't care */ uint32_t max_entries = r->in.max_entries; @@ -1461,7 +1477,7 @@ NTSTATUS _samr_QueryDisplayInfo(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1706,7 +1722,7 @@ NTSTATUS _samr_QueryDisplayInfo3(struct pipes_struct *p, NTSTATUS _samr_QueryAliasInfo(struct pipes_struct *p, struct samr_QueryAliasInfo *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; struct acct_info *info; NTSTATUS status; union samr_AliasInfo *alias_info = NULL; @@ -1717,7 +1733,7 @@ NTSTATUS _samr_QueryAliasInfo(struct pipes_struct *p, ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1782,7 +1798,7 @@ NTSTATUS _samr_QueryAliasInfo(struct pipes_struct *p, NTSTATUS _samr_LookupNames(struct pipes_struct *p, struct samr_LookupNames *r) { - struct samr_domain_info *dinfo; + struct samr_info *dinfo; NTSTATUS status; uint32_t *rid; enum lsa_SidType *type; @@ -1796,7 +1812,7 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2170,7 +2186,7 @@ static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32_t num_names, NTSTATUS _samr_LookupRids(struct pipes_struct *p, struct samr_LookupRids *r) { - struct samr_domain_info *dinfo; + struct samr_info *dinfo; NTSTATUS status; const char **names; enum lsa_SidType *attrs = NULL; @@ -2185,7 +2201,7 @@ NTSTATUS _samr_LookupRids(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2258,8 +2274,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, { struct samu *sampass=NULL; struct dom_sid sid; - struct samr_domain_info *dinfo; - struct samr_user_info *uinfo; + struct samr_info *dinfo; struct security_descriptor *psd = NULL; uint32_t acc_granted; uint32_t des_access = r->in.access_mask; @@ -2276,7 +2291,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2376,16 +2391,16 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, /* If we did the rid admins hack above, allow access. */ acc_granted |= extra_access; - uinfo = policy_handle_create(p, - r->out.user_handle, - SAMR_HANDLE_USER, - struct samr_user_info, - &nt_status); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_USER, + acc_granted, + &sid, + NULL, + r->out.user_handle); + if (!NT_STATUS_IS_OK(status)) { + return status; } - uinfo->sid = sid; - uinfo->access_granted = acc_granted; return NT_STATUS_OK; } @@ -3019,7 +3034,7 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p, { NTSTATUS status; union samr_UserInfo *user_info = NULL; - struct samr_user_info *uinfo; + struct samr_info *uinfo; struct dom_sid domain_sid; uint32_t rid; bool ret = false; @@ -3095,7 +3110,7 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.user_handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -3244,7 +3259,7 @@ NTSTATUS _samr_QueryUserInfo2(struct pipes_struct *p, NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p, struct samr_GetGroupsForUser *r) { - struct samr_user_info *uinfo; + struct samr_info *uinfo; struct samu *sam_pass=NULL; struct dom_sid *sids; struct samr_RidWithAttribute dom_gid; @@ -3276,7 +3291,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.user_handle, SAMR_HANDLE_USER, - struct samr_user_info, &result); + struct samr_info, &result); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -3437,7 +3452,7 @@ static NTSTATUS query_dom_info_1(TALLOC_CTX *mem_ctx, static NTSTATUS query_dom_info_2(TALLOC_CTX *mem_ctx, struct samr_DomGeneralInformation *r, - struct samr_domain_info *dinfo) + struct samr_info *dinfo) { const struct loadparm_substitution *lp_sub = loadparm_s3_global_substitution(); @@ -3594,7 +3609,7 @@ static NTSTATUS query_dom_info_9(TALLOC_CTX *mem_ctx, static NTSTATUS query_dom_info_11(TALLOC_CTX *mem_ctx, struct samr_DomGeneralInformation2 *r, - struct samr_domain_info *dinfo) + struct samr_info *dinfo) { NTSTATUS status; uint32_t account_policy_temp; @@ -3701,7 +3716,7 @@ NTSTATUS _samr_QueryDomainInfo(struct pipes_struct *p, struct samr_QueryDomainInfo *r) { NTSTATUS status = NT_STATUS_OK; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; union samr_DomainInfo *dom_info; uint32_t acc_required; @@ -3739,7 +3754,7 @@ NTSTATUS _samr_QueryDomainInfo(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -3856,8 +3871,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, const char *account = NULL; struct dom_sid sid; uint32_t acb_info = r->in.acct_flags; - struct samr_domain_info *dinfo; - struct samr_user_info *uinfo; + struct samr_info *dinfo; NTSTATUS nt_status; uint32_t acc_granted; struct security_descriptor *psd; @@ -3871,7 +3885,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &nt_status); + struct samr_info, &nt_status); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -3977,16 +3991,16 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, return nt_status; } - uinfo = policy_handle_create(p, - r->out.user_handle, - SAMR_HANDLE_USER, - struct samr_user_info, - &nt_status); + nt_status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_USER, + acc_granted, + &sid, + NULL, + r->out.user_handle); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } - uinfo->sid = sid; - uinfo->access_granted = acc_granted; /* After a "set" ensure we have no cached display info. */ force_flush_samr_cache(&sid); @@ -4024,10 +4038,8 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, struct samr_Connect *r) { uint32_t acc_granted; - struct policy_handle hnd; uint32_t des_access = r->in.access_mask; NTSTATUS status; - struct samr_connect_info *cinfo = NULL; /* Access check */ @@ -4050,19 +4062,17 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, |SAMR_ACCESS_LOOKUP_DOMAIN); /* set up the SAMR connect_anon response */ - - cinfo = policy_handle_create(p, - &hnd, - SAMR_HANDLE_CONNECT, - struct samr_connect_info, - &status); + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_CONNECT, + acc_granted, + NULL, + NULL, + r->out.connect_handle); if (!NT_STATUS_IS_OK(status)) { return status; } - cinfo->access_granted = acc_granted; - - *r->out.connect_handle = hnd; return NT_STATUS_OK; } @@ -4073,14 +4083,12 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, NTSTATUS _samr_Connect2(struct pipes_struct *p, struct samr_Connect2 *r) { - struct policy_handle hnd; struct security_descriptor *psd = NULL; uint32_t acc_granted; uint32_t des_access = r->in.access_mask; NTSTATUS nt_status; size_t sd_size; const char *fn = "_samr_Connect2"; - struct samr_connect_info *cinfo = NULL; switch (p->opnum) { case NDR_SAMR_CONNECT2: @@ -4120,20 +4128,19 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p, if ( !NT_STATUS_IS_OK(nt_status) ) return nt_status; - cinfo = policy_handle_create(p, - &hnd, - SAMR_HANDLE_CONNECT, - struct samr_connect_info, - &nt_status); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - cinfo->access_granted = acc_granted; + nt_status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_CONNECT, + acc_granted, + NULL, + NULL, + r->out.connect_handle); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } DEBUG(5,("%s: %d\n", fn, __LINE__)); - *r->out.connect_handle = hnd; return NT_STATUS_OK; } @@ -4210,14 +4217,14 @@ NTSTATUS _samr_LookupDomain(struct pipes_struct *p, const char *domain_name; struct dom_sid *sid = NULL; struct dom_sid_buf buf; - struct samr_connect_info *cinfo = NULL; + struct samr_info *cinfo = NULL; /* win9x user manager likes to use SAMR_ACCESS_ENUM_DOMAINS here. Reverted that change so we will work with RAS servers again */ cinfo = policy_handle_find(p, r->in.connect_handle, SAMR_HANDLE_CONNECT, - struct samr_connect_info, + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; @@ -4267,11 +4274,11 @@ NTSTATUS _samr_EnumDomains(struct pipes_struct *p, uint32_t num_entries = 2; struct samr_SamEntry *entry_array = NULL; struct samr_SamArray *sam; - struct samr_connect_info *cinfo = NULL; + struct samr_info *cinfo = NULL; cinfo = policy_handle_find(p, r->in.connect_handle, SAMR_HANDLE_CONNECT, - struct samr_connect_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4319,8 +4326,7 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, { struct dom_sid sid; uint32_t alias_rid = r->in.rid; - struct samr_alias_info *ainfo; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; struct security_descriptor *psd = NULL; uint32_t acc_granted; uint32_t des_access = r->in.access_mask; @@ -4329,7 +4335,7 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4385,16 +4391,16 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, } - ainfo = policy_handle_create(p, - r->out.alias_handle, - SAMR_HANDLE_ALIAS, - struct samr_alias_info, - &status); + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_ALIAS, + acc_granted, + &sid, + NULL, + r->out.alias_handle); if (!NT_STATUS_IS_OK(status)) { return status; } - ainfo->sid = sid; - ainfo->access_granted = acc_granted; return NT_STATUS_OK; } @@ -5250,7 +5256,7 @@ out: NTSTATUS _samr_SetUserInfo(struct pipes_struct *p, struct samr_SetUserInfo *r) { - struct samr_user_info *uinfo; + struct samr_info *uinfo; NTSTATUS status; struct samu *pwd = NULL; union samr_UserInfo *info = r->in.info; @@ -5317,7 +5323,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.user_handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5579,7 +5585,7 @@ NTSTATUS _samr_GetAliasMembership(struct pipes_struct *p, { size_t num_alias_rids; uint32_t *alias_rids; - struct samr_domain_info *dinfo; + struct samr_info *dinfo; size_t i; NTSTATUS status; @@ -5590,7 +5596,7 @@ NTSTATUS _samr_GetAliasMembership(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5653,7 +5659,7 @@ NTSTATUS _samr_GetAliasMembership(struct pipes_struct *p, NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p, struct samr_GetMembersInAlias *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; NTSTATUS status; size_t i; size_t num_sids = 0; @@ -5663,7 +5669,7 @@ NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p, ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5717,7 +5723,7 @@ NTSTATUS _samr_GetMembersInAlias(struct pipes_struct *p, NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p, struct samr_QueryGroupMember *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; size_t i, num_members; uint32_t *rid=NULL; @@ -5729,7 +5735,7 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p, ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5795,13 +5801,13 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p, NTSTATUS _samr_AddAliasMember(struct pipes_struct *p, struct samr_AddAliasMember *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; struct dom_sid_buf buf; NTSTATUS status; ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5837,13 +5843,13 @@ NTSTATUS _samr_AddAliasMember(struct pipes_struct *p, NTSTATUS _samr_DeleteAliasMember(struct pipes_struct *p, struct samr_DeleteAliasMember *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; struct dom_sid_buf buf; NTSTATUS status; ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5880,14 +5886,14 @@ NTSTATUS _samr_DeleteAliasMember(struct pipes_struct *p, NTSTATUS _samr_AddGroupMember(struct pipes_struct *p, struct samr_AddGroupMember *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; struct dom_sid_buf buf; NTSTATUS status; uint32_t group_rid; ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5927,7 +5933,7 @@ NTSTATUS _samr_DeleteGroupMember(struct pipes_struct *p, struct samr_DeleteGroupMember *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; NTSTATUS status; uint32_t group_rid; @@ -5939,7 +5945,7 @@ NTSTATUS _samr_DeleteGroupMember(struct pipes_struct *p, ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -5976,7 +5982,7 @@ NTSTATUS _samr_DeleteGroupMember(struct pipes_struct *p, NTSTATUS _samr_DeleteUser(struct pipes_struct *p, struct samr_DeleteUser *r) { - struct samr_user_info *uinfo; + struct samr_info *uinfo; NTSTATUS status; struct samu *sam_pass=NULL; bool ret; @@ -5985,7 +5991,7 @@ NTSTATUS _samr_DeleteUser(struct pipes_struct *p, uinfo = policy_handle_find(p, r->in.user_handle, SAMR_HANDLE_USER, - struct samr_user_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6053,7 +6059,7 @@ NTSTATUS _samr_DeleteUser(struct pipes_struct *p, NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p, struct samr_DeleteDomainGroup *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; struct dom_sid_buf buf; NTSTATUS status; uint32_t group_rid; @@ -6062,7 +6068,7 @@ NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p, ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6112,7 +6118,7 @@ NTSTATUS _samr_DeleteDomainGroup(struct pipes_struct *p, NTSTATUS _samr_DeleteDomAlias(struct pipes_struct *p, struct samr_DeleteDomAlias *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; struct dom_sid_buf buf; NTSTATUS status; @@ -6120,7 +6126,7 @@ NTSTATUS _samr_DeleteDomAlias(struct pipes_struct *p, ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6175,12 +6181,12 @@ NTSTATUS _samr_CreateDomainGroup(struct pipes_struct *p, { NTSTATUS status; const char *name; - struct samr_domain_info *dinfo; - struct samr_group_info *ginfo; + struct samr_info *dinfo; + struct dom_sid sid; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6220,16 +6226,18 @@ NTSTATUS _samr_CreateDomainGroup(struct pipes_struct *p, if ( !NT_STATUS_IS_OK(status) ) return status; - ginfo = policy_handle_create(p, - r->out.group_handle, - SAMR_HANDLE_GROUP, - struct samr_group_info, - &status); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - sid_compose(&ginfo->sid, &dinfo->sid, *r->out.rid); - ginfo->access_granted = GENERIC_RIGHTS_GROUP_ALL_ACCESS; + sid_compose(&sid, &dinfo->sid, *r->out.rid); + + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_GROUP, + GENERIC_RIGHTS_GROUP_ALL_ACCESS, + &sid, + NULL, + r->out.group_handle); + if (!NT_STATUS_IS_OK(status)) { + return status; + } force_flush_samr_cache(&dinfo->sid); @@ -6245,14 +6253,13 @@ NTSTATUS _samr_CreateDomAlias(struct pipes_struct *p, { struct dom_sid info_sid; const char *name = NULL; - struct samr_domain_info *dinfo; - struct samr_alias_info *ainfo; + struct samr_info *dinfo; gid_t gid; NTSTATUS result; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &result); + struct samr_info, &result); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -6304,16 +6311,16 @@ NTSTATUS _samr_CreateDomAlias(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - ainfo = policy_handle_create(p, - r->out.alias_handle, - SAMR_HANDLE_ALIAS, - struct samr_alias_info, - &result); - if (!NT_STATUS_IS_OK(result)) { - return result; - } - ainfo->sid = info_sid; - ainfo->access_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS; + result = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_ALIAS, + GENERIC_RIGHTS_ALIAS_ALL_ACCESS, + &info_sid, + NULL, + r->out.alias_handle); + if (!NT_STATUS_IS_OK(result)) { + return result; + } force_flush_samr_cache(&info_sid); @@ -6327,7 +6334,7 @@ NTSTATUS _samr_CreateDomAlias(struct pipes_struct *p, NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, struct samr_QueryGroupInfo *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; NTSTATUS status; GROUP_MAP *map; union samr_GroupInfo *info = NULL; @@ -6340,7 +6347,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6443,14 +6450,14 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p, struct samr_SetGroupInfo *r) { - struct samr_group_info *ginfo; + struct samr_info *ginfo; GROUP_MAP *map; NTSTATUS status; bool ret; ginfo = policy_handle_find(p, r->in.group_handle, SAMR_HANDLE_GROUP, - struct samr_group_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6518,13 +6525,13 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p, NTSTATUS _samr_SetAliasInfo(struct pipes_struct *p, struct samr_SetAliasInfo *r) { - struct samr_alias_info *ainfo; + struct samr_info *ainfo; struct acct_info *info; NTSTATUS status; ainfo = policy_handle_find(p, r->in.alias_handle, SAMR_HANDLE_ALIAS, - struct samr_alias_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6678,8 +6685,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, struct dom_sid info_sid; struct dom_sid_buf buf; GROUP_MAP *map; - struct samr_domain_info *dinfo; - struct samr_group_info *ginfo; + struct samr_info *dinfo; struct security_descriptor *psd = NULL; uint32_t acc_granted; uint32_t des_access = r->in.access_mask; @@ -6689,7 +6695,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -6741,16 +6747,16 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, TALLOC_FREE(map); - ginfo = policy_handle_create(p, - r->out.group_handle, - SAMR_HANDLE_GROUP, - struct samr_group_info, - &status); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - ginfo->sid = info_sid; - ginfo->access_granted = acc_granted; + status = create_samr_policy_handle(p->mem_ctx, + p, + SAMR_HANDLE_GROUP, + acc_granted, + &info_sid, + NULL, + r->out.group_handle); + if (!NT_STATUS_IS_OK(status)) { + return status; + } return NT_STATUS_OK; } @@ -6762,7 +6768,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, NTSTATUS _samr_RemoveMemberFromForeignDomain(struct pipes_struct *p, struct samr_RemoveMemberFromForeignDomain *r) { - struct samr_domain_info *dinfo; + struct samr_info *dinfo; struct dom_sid_buf buf; NTSTATUS result; @@ -6773,7 +6779,7 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &result); + struct samr_info, &result); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -6923,7 +6929,7 @@ NTSTATUS _samr_SetDomainInfo(struct pipes_struct *p, { NTSTATUS status; uint32_t acc_required = 0; - struct samr_domain_info *dinfo = NULL; + struct samr_info *dinfo = NULL; DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__)); @@ -6950,7 +6956,7 @@ NTSTATUS _samr_SetDomainInfo(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -7002,7 +7008,7 @@ NTSTATUS _samr_SetDomainInfo(struct pipes_struct *p, NTSTATUS _samr_GetDisplayEnumerationIndex(struct pipes_struct *p, struct samr_GetDisplayEnumerationIndex *r) { - struct samr_domain_info *dinfo; + struct samr_info *dinfo; uint32_t max_entries = (uint32_t) -1; uint32_t enum_context = 0; int i; @@ -7014,7 +7020,7 @@ NTSTATUS _samr_GetDisplayEnumerationIndex(struct pipes_struct *p, dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -7153,13 +7159,13 @@ NTSTATUS _samr_GetDisplayEnumerationIndex2(struct pipes_struct *p, NTSTATUS _samr_RidToSid(struct pipes_struct *p, struct samr_RidToSid *r) { - struct samr_domain_info *dinfo; + struct samr_info *dinfo; NTSTATUS status; struct dom_sid sid; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_HANDLE_DOMAIN, - struct samr_domain_info, &status); + struct samr_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; }