sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-29 21:47:30 +03:00
Code

loadparm.c :

Browse Source 
added "domain other sids" parameter

pipenetlog.c :

	using "domain other sids" parameter in SAM Logon response.
	using new name_to_rid() function for r_uid and r_gid.

pipentlsa.c :

	minor mods to do with new name_to_rid() function.

pipesrvsvc.c :

	in the "net share enum" response, allocate some more space for the buffer.
	there can be only 32 share entries in the response anyway.  this needs
	to be dealt with.

pipeutil.c :

	modified name_to_rid() function to use new parameters "domain admin users"
	and "domain guest users", but will otherwise do unix uid + 1000.

	moved make_dom_gids() here.

proto.h:

	the usual.

smb.h smbparse.c :

	renamed sid_no to sid_rev_num in DOM_SID, and gid to r_gid in DOM_GID.

util.c :

	moved make_dom_gids() from here.
	created char *unistrn2(uint16* uni_buffer, int max_len)
This commit is contained in:
Luke Leighton -
parent 8d1993c71a
commit ec60e48d79
9 changed files with 210 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
source/include/proto.h
View File

@ -186,7 +186,8 @@ char *lp_socket_address(void);
char *lp_nis_home_map_name(void);
char *lp_announce_version(void);
char *lp_netbios_aliases(void);
char *lp_domainsid(void);
char *lp_domain_sid(void);
char *lp_domain_other_sids(void);
char *lp_domain_groups(void);
char *lp_domain_admin_users(void);
char *lp_domain_guest_users(void);
@ -696,9 +697,11 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
void initrpcreply(char *inbuf, char *q);
void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen);
uint32 name_to_rid(char *user_name);
BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
char *dom_sid_to_string(DOM_SID *sid);
void make_dom_sid(DOM_SID *sid, char *domsid);
int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids);
int make_dom_gids(char *gids_str, DOM_GID *gids);
void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len);
int make_rpc_reply(char *inbuf, char *q, int data_len);
void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate);
@ -1139,6 +1142,7 @@ BOOL is_myname(char *s);
void set_remote_arch(enum remote_arch_types type);
enum remote_arch_types get_remote_arch();
char *skip_unicode_string(char *buf,int n);
char *unistrn2(uint16 *buf, int len);
char *unistr2(uint16 *buf);
char *unistr(char *buf);
int unistrncpy(char *dst, char *src, int len);
@ -1150,4 +1154,3 @@ char *align2(char *q, char *base);
char *align_offset(char *q, char *base, int align_offset_len);
void dump_data(int level,char *buf1,int len);
char *tab_depth(int depth);
int make_domain_gids(char *gids_str, DOM_GID *gids);

8
source/include/smb.h
View File

@ -341,15 +341,15 @@ typedef struct nttime_info
} NTTIME;
#define MAXSUBAUTHS 10 /* max sub authorities in a SID */
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
/* DOM_SID - security id */
typedef struct sid_info
{
uint8 sid_no; /* SID revision number */
uint8 sid_rev_num; /* SID revision number */
uint8 num_auths; /* number of sub-authorities */
uint8 id_auth[6]; /* Identifier Authority */
uint16 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
uint16 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
} DOM_SID;
@ -517,7 +517,7 @@ typedef struct sam_info
/* DOM_GID - group id + user attributes */
typedef struct gid_info
{
uint32 gid; /* group id */
uint32 g_rid; /* a group RID */
uint32 attr;
} DOM_GID;

83
source/lib/util.c
View File

@ -4289,6 +4289,26 @@ char *skip_unicode_string(char *buf,int n)
return(buf);
}
/*******************************************************************
Return a ascii version of a unicode string
Hack alert: uses fixed buffer(s) and only handles ascii strings
********************************************************************/
#define MAXUNI 1024
char *unistrn2(uint16 *buf, int len)
{
static char lbufs[8][MAXUNI];
static int nexti;
char *lbuf = lbufs[nexti];
char *p;
nexti = (nexti+1)%8;
for (p = lbuf; *buf && p-lbuf < MAXUNI-2 && len >= 0; len--, p++, buf++)
{
*p = *buf;
}
*p = 0;
return lbuf;
}
/*******************************************************************
Return a ascii version of a unicode string
Hack alert: uses fixed buffer(s) and only handles ascii strings
@ -4510,66 +4530,3 @@ char *tab_depth(int depth)
}
/* array lookup of well-known RID aliases. the purpose of these escapes me.. */
static struct
{
uint32 rid;
char *rid_name;
} rid_lookups[] =
{
{ DOMAIN_ALIAS_RID_ADMINS , "admins" },
{ DOMAIN_ALIAS_RID_USERS , "users" },
{ DOMAIN_ALIAS_RID_GUESTS , "guests" },
{ DOMAIN_ALIAS_RID_POWER_USERS , "power_users" },
{ DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" },
{ DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" },
{ DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" },
{ DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" },
{ DOMAIN_ALIAS_RID_REPLICATOR , "replicator" },
{ 0 , NULL }
};
int make_domain_gids(char *gids_str, DOM_GID *gids)
{
char *ptr;
pstring s2;
int count;
DEBUG(4,("make_domain_gids: %s\n", gids_str));
if (gids_str == NULL || *gids_str == 0) return 0;
for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
{
/* the entries are of the form GID/ATTR, ATTR being optional.*/
char *attr;
uint32 rid = 0;
int i;
attr = strchr(s2,'/');
if (attr) *attr++ = 0;
if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
/* look up the RID string and see if we can turn it into a rid number */
for (i = 0; rid_lookups[i].rid_name != NULL; i++)
{
if (strequal(rid_lookups[i].rid_name, s2))
{
rid = rid_lookups[i].rid;
break;
}
}
if (rid == 0) rid = atoi(s2);
gids[count].gid = rid;
gids[count].attr = atoi(attr);
DEBUG(5,("group id: %d attr: %d\n", gids[count].gid, gids[count].attr));
}
return count;
}

7
source/param/loadparm.c
View File

@ -145,6 +145,7 @@ typedef struct
char *szAnnounceVersion; /* This is initialised in init_globals */
char *szNetbiosAliases;
char *szDomainSID;
char *szDomainOtherSIDs;
char *szDomainGroups;
int max_log_size;
int mangled_stack;
@ -447,6 +448,7 @@ struct parm_struct
{"valid chars", P_STRING, P_GLOBAL, &Globals.szValidChars, handle_valid_chars},
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkGroup, NULL},
{"domain sid", P_USTRING, P_GLOBAL, &Globals.szDomainSID, NULL},
{"domain other sids", P_USTRING, P_GLOBAL, &Globals.szDomainOtherSIDs, NULL},
{"domain groups", P_USTRING, P_GLOBAL, &Globals.szDomainGroups, NULL},
{"domain controller",P_STRING, P_GLOBAL, &Globals.szDomainController,NULL},
{"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL},
@ -638,7 +640,7 @@ static void init_globals(void)
/* %N is the NIS auto.home server if -DAUTOHOME is used, else same as %L */
string_set(&Globals.szLogonHome, "\\\\%N\\%U");
string_set(&Globals.szLogonPath, "\\\\%N\\%U\\profile");
string_set(&Globals.szDomainGroups, "776/7");
Globals.bLoadPrinters = True;
Globals.bUseRhosts = False;
Globals.max_packet = 65535;
@ -867,7 +869,8 @@ FN_GLOBAL_STRING(lp_nis_home_map_name,&Globals.szNISHomeMapName)
FN_GLOBAL_STRING(lp_announce_version,&Globals.szAnnounceVersion)
FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases)
FN_GLOBAL_STRING(lp_domainsid,&Globals.szDomainSID)
FN_GLOBAL_STRING(lp_domain_sid,&Globals.szDomainSID)
FN_GLOBAL_STRING(lp_domain_other_sids,&Globals.szDomainOtherSIDs)
FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups)
FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers)
FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers)

50
source/pipenetlog.c
View File

@ -154,7 +154,7 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
/* only cope with one "other" sid, right now. */
/* need to count the number of space-delimited sids */
int i;
int num_other_sids = other_sids != NULL ? 1 : 0;
int num_other_sids = 0;
int len_user_name = strlen(user_name );
int len_full_name = strlen(full_name );
@ -207,6 +207,8 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
bzero(usr->padding, sizeof(usr->padding));
num_other_sids = make_dom_sids(other_sids, usr->other_sids, LSA_MAX_SIDS);
usr->num_other_sids = num_other_sids;
usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0;
@ -227,7 +229,7 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom);
make_dom_sid(&(usr->dom_sid), dom_sid);
make_dom_sid(&(usr->other_sids[0]), other_sids);
/* "other" sids are set up above */
}
@ -350,7 +352,8 @@ static void api_lsa_req_chal( int cnum, uint16 vuid,
/* grab the challenge... */
lsa_io_q_req_chal(True, &q_r, data + 0x18, data, 4, 0);
fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer));
fstrcpy(mach_acct, unistrn2(q_r.uni_logon_clnt.buffer,
q_r.uni_logon_clnt.uni_str_len));
strcat(mach_acct, "$");
@ -497,6 +500,8 @@ static void api_lsa_sam_logon( user_struct *vuser,
/* checks and updates credentials. creates reply credentials */
deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_creds);
usr_info.ptr_user_info = 0;
if (vuser != NULL)
{
DOM_GID gids[LSA_MAX_GROUPS];
@ -510,7 +515,10 @@ static void api_lsa_sam_logon( user_struct *vuser,
pstring my_workgroup;
pstring domain_groups;
pstring dom_sid;
pstring other_sids;
extern pstring myname;
uint32 r_uid;
uint32 r_gid;
dummy_time.low = 0xffffffff;
dummy_time.high = 0x7fffffff;
@ -519,19 +527,20 @@ static void api_lsa_sam_logon( user_struct *vuser,
pstrcpy(samlogon_user, unistr2(q_l.sam_id.auth.id1.uni_user_name.buffer));
DEBUG(3,("SAM Logon. Domain:[%s]. User [%s]\n",
DEBUG(3,("SAM Logon. Domain:[%s]. User:[%s]\n",
lp_workgroup(), samlogon_user));
/* hack to get standard_sub_basic() to use the sam logon username */
sam_logon_in_ssb = True;
pstrcpy(logon_script, lp_logon_script());
pstrcpy(profile_path, lp_logon_path ());
pstrcpy(dom_sid , lp_domainsid ());
pstrcpy(my_workgroup, lp_workgroup ());
pstrcpy(logon_script, lp_logon_script ());
pstrcpy(profile_path, lp_logon_path ());
pstrcpy(dom_sid , lp_domain_sid ());
pstrcpy(other_sids , lp_domain_other_sids());
pstrcpy(my_workgroup, lp_workgroup ());
pstrcpy(home_drive , lp_logon_drive ());
pstrcpy(home_dir , lp_logon_home ());
pstrcpy(home_drive , lp_logon_drive ());
pstrcpy(home_dir , lp_logon_home ());
/* any additional groups this user is in. e.g power users */
pstrcpy(domain_groups, lp_domain_groups());
@ -554,14 +563,16 @@ static void api_lsa_sam_logon( user_struct *vuser,
strcat(domain_groups, " 513/7 ");
}
num_gids = make_domain_gids(domain_groups, gids);
num_gids = make_dom_gids(domain_groups, gids);
sam_logon_in_ssb = False;
pstrcpy(my_name , myname );
strupper(my_name);
make_lsa_user_info(&usr_info,
if (name_to_rid(samlogon_user, &r_uid, &r_gid))
{
make_lsa_user_info(&usr_info,
&dummy_time, /* logon_time */
&dummy_time, /* logoff_time */
@ -580,23 +591,20 @@ static void api_lsa_sam_logon( user_struct *vuser,
0, /* logon_count */
0, /* bad_pw_count */
vuser->uid, /* uint32 user_id */
vuser->gid, /* uint32 group_id */
r_uid, /* RID user_id */
r_gid, /* RID group_id */
num_gids, /* uint32 num_groups */
gids, /* DOM_GID *gids */
0x20, /* uint32 user_flgs */
NULL, /* char sess_key[16] */
my_name, /* char *logon_srv */
my_name , /* char *logon_srv */
my_workgroup, /* char *logon_dom */
dom_sid, /* char *dom_sid */
NULL); /* char *other_sids */
}
else
{
usr_info.ptr_user_info = 0;
dom_sid, /* char *dom_sid */
other_sids); /* char *other_sids */
}
}
*rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,

13
source/pipentlsa.c
View File

@ -226,7 +226,7 @@ static void api_lsa_query_info( char *param, char *data,
lsa_io_q_query(True, &q_i, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
pstrcpy(dom_sid , lp_domainsid());
pstrcpy(dom_sid , lp_domain_sid());
/* construct reply. return status is always 0x0 */
*rdata_len = lsa_reply_query_info(&q_i, *rdata + 0x18, *rdata,
@ -246,7 +246,7 @@ static void api_lsa_lookup_sids( char *param, char *data,
lsa_io_q_lookup_sids(True, &q_l, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
pstrcpy(dom_sid , lp_domainsid());
pstrcpy(dom_sid , lp_domain_sid());
/* convert received SIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
@ -269,18 +269,23 @@ static void api_lsa_lookup_names( char *param, char *data,
pstring dom_name;
pstring dom_sid;
uint32 dom_rids[MAX_LOOKUP_SIDS];
uint32 dummy_g_rid;
/* grab the info class and policy handle */
lsa_io_q_lookup_rids(True, &q_l, data + 0x18, data, 4, 0);
pstrcpy(dom_name, lp_workgroup());
pstrcpy(dom_sid , lp_domainsid());
pstrcpy(dom_sid , lp_domain_sid());
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
{
char *user_name = unistr2(q_l.lookup_name[i].str.buffer);
dom_rids[i] = name_to_rid(user_name);
if (!name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
{
/* WHOOPS! we should really do something about this... */
dom_rids[i] = 0;
}
}
/* construct reply. return status is always 0x0 */

6
source/pipesrvsvc.c
View File

@ -170,6 +170,11 @@ static void api_srv_net_share_info( char *param, char *data,
/* grab the net share enum */
srv_io_q_net_share_enum(True, &q_n, data + 0x18, data, 4, 0);
/* XXXX push the reply buffer size up a bit, and hope it's sufficient */
/* for the current maximum limit of 32 share entries */
*rdata_len = 4096;
*rdata = REALLOC(*rdata, *rdata_len);
/* construct reply. always indicate success */
*rdata_len = srv_reply_net_share_enum(&q_n, *rdata + 0x18, *rdata, 0x0);
}
@ -208,6 +213,7 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
case NETSHAREENUM:
{
api_srv_net_share_info( param, data, rdata, rdata_len);
make_rpc_reply(data, *rdata, *rdata_len);
break;
}

134
source/pipeutil.c
View File

@ -62,17 +62,41 @@ void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen)
{ int fd; fd = open("/tmp/rpc", O_RDWR); write(fd, q, datalen + 4); }
}
/* RID username mapping function. just for fun, it maps to the unix uid */
uint32 name_to_rid(char *user_name)
/* Group and User RID username mapping function */
BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
{
struct passwd *pw = Get_Pwnam(user_name, False);
if (u_rid == NULL || g_rid == NULL || user_name == NULL)
{
return False;
}
if (!pw)
{
DEBUG(1,("Username %s is invalid on this system\n", user_name));
return (uint32)(-1);
return False;
}
return (uint32)(pw->pw_uid);
if (user_in_list(user_name, lp_domain_guest_users()))
{
*u_rid = DOMAIN_USER_RID_GUEST;
}
else if (user_in_list(user_name, lp_domain_admin_users()))
{
*u_rid = DOMAIN_USER_RID_ADMIN;
}
else
{
/* turn the unix UID into a Domain RID. this is what the posix
sub-system does (adds 1000 to the uid) */
*u_rid = (uint32)(pw->pw_uid + 1000);
}
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
*g_rid = (uint32)(pw->pw_gid + 1000);
return True;
}
@ -87,7 +111,7 @@ char *dom_sid_to_string(DOM_SID *sid)
(sid->id_auth[2] << 16) +
(sid->id_auth[3] << 24);
sprintf(sidstr, "S-%d-%d", sid->sid_no, ia);
sprintf(sidstr, "S-%d-%d", sid->sid_rev_num, ia);
for (i = 0; i < sid->num_auths; i++)
{
@ -111,7 +135,7 @@ void make_dom_sid(DOM_SID *sid, char *domsid)
if (domsid == NULL)
{
DEBUG(4,("netlogon domain SID: none\n"));
sid->sid_no = 0;
sid->sid_rev_num = 0;
sid->num_auths = 0;
return;
}
@ -120,13 +144,13 @@ void make_dom_sid(DOM_SID *sid, char *domsid)
/* assume, but should check, that domsid starts "S-" */
p = strtok(domsid+2,"-");
sid->sid_no = atoi(p);
sid->sid_rev_num = atoi(p);
/* identauth in decimal should be < 2^32 */
/* identauth in hex should be >= 2^32 */
identauth = atoi(strtok(0,"-"));
DEBUG(4,("netlogon rev %d\n", sid->sid_no));
DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
DEBUG(4,("netlogon %s ia %d\n", p, identauth));
sid->id_auth[0] = 0;
@ -144,6 +168,100 @@ void make_dom_sid(DOM_SID *sid, char *domsid)
}
}
int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids)
{
char *ptr;
pstring s2;
int count;
DEBUG(4,("make_dom_sids: %s\n", sids_str));
if (sids_str == NULL || *sids_str == 0) return 0;
for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++)
{
make_dom_sid(&sids[count], s2);
}
return count;
}
/* array lookup of well-known RID aliases. the purpose of these escapes me.. */
/* XXXX this structure should not have the well-known RID groups added to it,
i.e the DOMAIN_GROUP_RID_ADMIN/USER/GUEST. */
static struct
{
uint32 rid;
char *rid_name;
} rid_lookups[] =
{
{ DOMAIN_ALIAS_RID_ADMINS , "admins" },
{ DOMAIN_ALIAS_RID_USERS , "users" },
{ DOMAIN_ALIAS_RID_GUESTS , "guests" },
{ DOMAIN_ALIAS_RID_POWER_USERS , "power_users" },
{ DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" },
{ DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" },
{ DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" },
{ DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" },
{ DOMAIN_ALIAS_RID_REPLICATOR , "replicator" },
{ 0 , NULL }
};
int make_dom_gids(char *gids_str, DOM_GID *gids)
{
char *ptr;
pstring s2;
int count;
DEBUG(4,("make_dom_gids: %s\n", gids_str));
if (gids_str == NULL || *gids_str == 0) return 0;
for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
{
/* the entries are of the form GID/ATTR, ATTR being optional.*/
char *attr;
uint32 rid = 0;
int i;
attr = strchr(s2,'/');
if (attr) *attr++ = 0;
if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
/* look up the RID string and see if we can turn it into a rid number */
for (i = 0; rid_lookups[i].rid_name != NULL; i++)
{
if (strequal(rid_lookups[i].rid_name, s2))
{
rid = rid_lookups[i].rid;
break;
}
}
if (rid == 0) rid = atoi(s2);
if (rid == 0)
{
DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
s2, attr));
count--;
}
else
{
gids[count].g_rid = rid;
gids[count].attr = atoi(attr);
DEBUG(5,("group id: %d attr: %d\n",
gids[count].g_rid,
gids[count].attr));
}
}
return count;
}
void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len)
{
if (hdr == NULL) return;

10
source/smbparse.c
View File

@ -73,9 +73,9 @@ char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int
q = align_offset(q, base, align);
DBG_RW_IVAL("num_auths ", depth, base, io, q, sid->num_auths); q += 4;
DBG_RW_CVAL("sid_no ", depth, base, io, q, sid->sid_no); q++;
DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
DBG_RW_IVAL("num_auths ", depth, base, io, q, sid->num_auths); q += 4;
DBG_RW_CVAL("sid_rev_num", depth, base, io, q, sid->sid_rev_num); q++;
DBG_RW_CVAL("num_auths ", depth, base, io, q, sid->num_auths); q++;
for (i = 0; i < 6; i++)
{
@ -487,8 +487,8 @@ char* smb_io_gid(BOOL io, DOM_GID *gid, char *q, char *base, int align, int dept
q = align_offset(q, base, align);
DBG_RW_IVAL("gid ", depth, base, io, q, gid->gid ); q += 4;
DBG_RW_IVAL("attr", depth, base, io, q, gid->attr); q += 4;
DBG_RW_IVAL("g_rid", depth, base, io, q, gid->g_rid); q += 4;
DBG_RW_IVAL("attr ", depth, base, io, q, gid->attr ); q += 4;
return q;
}