1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

added queryuseraliases to rpcclient

and some comments to the samr server code, to explain what we should
return here.

	J.F.
(This used to be commit 06cb20a46d)
This commit is contained in:
Jean-François Micouleau 2001-12-02 01:45:50 +00:00
parent 043dfe985c
commit 633ee99afa
3 changed files with 150 additions and 0 deletions

View File

@ -407,6 +407,55 @@ NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
/* Query user aliases */
NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid,
uint32 *num_aliases, uint32 **als_rids)
{
prs_struct qbuf, rbuf;
SAMR_Q_QUERY_USERALIASES q;
SAMR_R_QUERY_USERALIASES r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint ptr=1;
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Initialise parse structures */
prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
/* Marshall data and send request */
init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid);
if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) ||
!rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) {
goto done;
}
/* Unmarshall response */
if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) {
goto done;
}
/* Return output parameters */
if (NT_STATUS_IS_OK(result = r.status)) {
*num_aliases = r.num_entries;
*als_rids = r.rid;
}
done:
prs_mem_free(&qbuf);
prs_mem_free(&rbuf);
return result;
}
/* Query user groups */
NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,

View File

@ -1849,6 +1849,19 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
struct samr_info *info = NULL;
BOOL ret;
/*
* from the SID in the request:
* we should send back the list of DOMAIN GROUPS
* the user is a member of
*
* and only the DOMAIN GROUPS
* no ALIASES !!! neither aliases of the domain
* nor aliases of the builtin SID
*
* JFM, 12/2/2001
*/
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
@ -2704,6 +2717,26 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
/* until i see a real useraliases query, we fack one up */
/* I have seen one, JFM 2/12/2001 */
/*
* Explanation of what this call does:
* for all the SID given in the request:
* return a list of alias (local groups)
* that have those SID as members.
*
* and that's the alias in the domain specified
* in the policy_handle
*
* if the policy handle is on an incorrect sid
* for example a user's sid
* we should reply NT_STATUS_OBJECT_TYPE_MISMATCH
*/
rid[0] = BUILTIN_ALIAS_RID_USERS;
init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_OK);

View File

@ -538,6 +538,73 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
return result;
}
/* Query aliases a user is a member of */
static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
TALLOC_CTX *mem_ctx,
int argc, char **argv)
{
POLICY_HND connect_pol,
domain_pol,
user_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 user_rid, num_aliases, *alias_rids;
int i;
fstring server;
DOM_SID tmp_sid;
DOM_SID2 sid;
DOM_SID global_sid_Builtin;
string_to_sid(&global_sid_Builtin, "S-1-5-32");
if (argc != 3) {
printf("Usage: %s builtin|domain rid\n", argv[0]);
return NT_STATUS_OK;
}
sscanf(argv[2], "%i", &user_rid);
slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
strupper (server);
result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
if (StrCaseCmp(argv[1], "domain")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
MAXIMUM_ALLOWED_ACCESS,
&domain_sid, &domain_pol);
else if (StrCaseCmp(argv[1], "builtin")==0)
result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
MAXIMUM_ALLOWED_ACCESS,
&global_sid_Builtin, &domain_pol);
else
return NT_STATUS_OK;
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
sid_copy(&tmp_sid, &domain_sid);
sid_append_rid(&tmp_sid, user_rid);
init_dom_sid2(&sid, &tmp_sid);
result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
for (i = 0; i < num_aliases; i++) {
printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
}
done:
return result;
}
/* Query members of a group */
static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
@ -1163,6 +1230,7 @@ struct cmd_set samr_commands[] = {
{ "queryuser", cmd_samr_query_user, PIPE_SAMR, "Query user info", "" },
{ "querygroup", cmd_samr_query_group, PIPE_SAMR, "Query group info", "" },
{ "queryusergroups", cmd_samr_query_usergroups, PIPE_SAMR, "Query user groups", "" },
{ "queryuseraliases", cmd_samr_query_useraliases, PIPE_SAMR, "Query user aliases", "" },
{ "querygroupmem", cmd_samr_query_groupmem, PIPE_SAMR, "Query group membership", "" },
{ "queryaliasmem", cmd_samr_query_aliasmem, PIPE_SAMR, "Query alias membership", "" },
{ "querydispinfo", cmd_samr_query_dispinfo, PIPE_SAMR, "Query display info", "" },