mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
added queryuseraliases to rpcclient
and some comments to the samr server code, to explain what we should
return here.
J.F.
(This used to be commit 06cb20a46d
)
This commit is contained in:
parent
043dfe985c
commit
633ee99afa
@ -407,6 +407,55 @@ NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Query user aliases */
|
||||
|
||||
NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid,
|
||||
uint32 *num_aliases, uint32 **als_rids)
|
||||
{
|
||||
prs_struct qbuf, rbuf;
|
||||
SAMR_Q_QUERY_USERALIASES q;
|
||||
SAMR_R_QUERY_USERALIASES r;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
uint ptr=1;
|
||||
|
||||
ZERO_STRUCT(q);
|
||||
ZERO_STRUCT(r);
|
||||
|
||||
/* Initialise parse structures */
|
||||
|
||||
prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
|
||||
prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
|
||||
|
||||
/* Marshall data and send request */
|
||||
|
||||
init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid);
|
||||
|
||||
if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) ||
|
||||
!rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Unmarshall response */
|
||||
|
||||
if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Return output parameters */
|
||||
|
||||
if (NT_STATUS_IS_OK(result = r.status)) {
|
||||
*num_aliases = r.num_entries;
|
||||
*als_rids = r.rid;
|
||||
}
|
||||
|
||||
done:
|
||||
prs_mem_free(&qbuf);
|
||||
prs_mem_free(&rbuf);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Query user groups */
|
||||
|
||||
NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
|
||||
|
@ -1849,6 +1849,19 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
|
||||
struct samr_info *info = NULL;
|
||||
BOOL ret;
|
||||
|
||||
/*
|
||||
* from the SID in the request:
|
||||
* we should send back the list of DOMAIN GROUPS
|
||||
* the user is a member of
|
||||
*
|
||||
* and only the DOMAIN GROUPS
|
||||
* no ALIASES !!! neither aliases of the domain
|
||||
* nor aliases of the builtin SID
|
||||
*
|
||||
* JFM, 12/2/2001
|
||||
*/
|
||||
|
||||
|
||||
r_u->status = NT_STATUS_OK;
|
||||
|
||||
DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
|
||||
@ -2704,6 +2717,26 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
|
||||
|
||||
/* until i see a real useraliases query, we fack one up */
|
||||
|
||||
/* I have seen one, JFM 2/12/2001 */
|
||||
/*
|
||||
* Explanation of what this call does:
|
||||
* for all the SID given in the request:
|
||||
* return a list of alias (local groups)
|
||||
* that have those SID as members.
|
||||
*
|
||||
* and that's the alias in the domain specified
|
||||
* in the policy_handle
|
||||
*
|
||||
* if the policy handle is on an incorrect sid
|
||||
* for example a user's sid
|
||||
* we should reply NT_STATUS_OBJECT_TYPE_MISMATCH
|
||||
*/
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
rid[0] = BUILTIN_ALIAS_RID_USERS;
|
||||
|
||||
init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_OK);
|
||||
|
@ -538,6 +538,73 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Query aliases a user is a member of */
|
||||
|
||||
static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
int argc, char **argv)
|
||||
{
|
||||
POLICY_HND connect_pol,
|
||||
domain_pol,
|
||||
user_pol;
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
uint32 user_rid, num_aliases, *alias_rids;
|
||||
int i;
|
||||
fstring server;
|
||||
DOM_SID tmp_sid;
|
||||
DOM_SID2 sid;
|
||||
DOM_SID global_sid_Builtin;
|
||||
|
||||
string_to_sid(&global_sid_Builtin, "S-1-5-32");
|
||||
|
||||
if (argc != 3) {
|
||||
printf("Usage: %s builtin|domain rid\n", argv[0]);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
sscanf(argv[2], "%i", &user_rid);
|
||||
|
||||
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
|
||||
strupper (server);
|
||||
|
||||
result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
|
||||
&connect_pol);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (StrCaseCmp(argv[1], "domain")==0)
|
||||
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
|
||||
MAXIMUM_ALLOWED_ACCESS,
|
||||
&domain_sid, &domain_pol);
|
||||
else if (StrCaseCmp(argv[1], "builtin")==0)
|
||||
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
|
||||
MAXIMUM_ALLOWED_ACCESS,
|
||||
&global_sid_Builtin, &domain_pol);
|
||||
else
|
||||
return NT_STATUS_OK;
|
||||
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
sid_copy(&tmp_sid, &domain_sid);
|
||||
sid_append_rid(&tmp_sid, user_rid);
|
||||
init_dom_sid2(&sid, &tmp_sid);
|
||||
|
||||
result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i = 0; i < num_aliases; i++) {
|
||||
printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
|
||||
}
|
||||
|
||||
done:
|
||||
return result;
|
||||
}
|
||||
|
||||
/* Query members of a group */
|
||||
|
||||
static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
|
||||
@ -1163,6 +1230,7 @@ struct cmd_set samr_commands[] = {
|
||||
{ "queryuser", cmd_samr_query_user, PIPE_SAMR, "Query user info", "" },
|
||||
{ "querygroup", cmd_samr_query_group, PIPE_SAMR, "Query group info", "" },
|
||||
{ "queryusergroups", cmd_samr_query_usergroups, PIPE_SAMR, "Query user groups", "" },
|
||||
{ "queryuseraliases", cmd_samr_query_useraliases, PIPE_SAMR, "Query user aliases", "" },
|
||||
{ "querygroupmem", cmd_samr_query_groupmem, PIPE_SAMR, "Query group membership", "" },
|
||||
{ "queryaliasmem", cmd_samr_query_aliasmem, PIPE_SAMR, "Query alias membership", "" },
|
||||
{ "querydispinfo", cmd_samr_query_dispinfo, PIPE_SAMR, "Query display info", "" },
|
||||
|
Loading…
Reference in New Issue
Block a user