loadparm.c :
added "domain admin users" parameter
added "domain guest users" parameter
these two complement the "domain groups" parameter. the "domain groups"
parameter should be for your own groups, and well-known aliases.
util.c :
added ability to do "domain groups = power_users admin_users backup_ops"
which are well-known RID aliases, not well-known RID groups.
pipenetlog.c :
combine the "domain admin users"; "domain guest users" and "domain groups"
parameters to give an array of RID groups to include in the SAM Logon
response.
ipc.c smb.h :
moved REALLOC() into smb.h
added RID #defines.
proto.h:
usual.
(This used to be commit f2554f231d)
parent
0083afc90e
commit
efe9b26a7b
@ -178,6 +178,8 @@ char *lp_announce_version(void);
|
||||
char *lp_netbios_aliases(void);
|
||||
char *lp_domainsid(void);
|
||||
char *lp_domain_groups(void);
|
||||
char *lp_domain_admin_users(void);
|
||||
char *lp_domain_guest_users(void);
|
||||
BOOL lp_dns_proxy(void);
|
||||
BOOL lp_wins_support(void);
|
||||
BOOL lp_wins_proxy(void);
|
||||
|
@ -66,6 +66,8 @@ typedef int BOOL;
|
||||
typedef int smb_shm_offset_t;
|
||||
#define NULL_OFFSET (smb_shm_offset_t)(0)
|
||||
|
||||
/* limiting size of ipc replies */
|
||||
#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
|
||||
|
||||
/*
|
||||
Samba needs type definitions for int16, int32, uint16 and uint32.
|
||||
@ -298,6 +300,32 @@ typedef fstring string;
|
||||
#define NETSERVERGETINFO 0x15
|
||||
#define NETSHAREENUM 0x0f
|
||||
|
||||
/* well-known RIDs - Relative IDs */
|
||||
|
||||
/* RIDs - Well-known users ... */
|
||||
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
|
||||
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
|
||||
|
||||
/* RIDs - well-known groups ... */
|
||||
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
|
||||
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
|
||||
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
|
||||
|
||||
/* RIDs - well-known aliases ... */
|
||||
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
|
||||
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
|
||||
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
|
||||
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
|
||||
|
||||
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
|
||||
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
|
||||
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
|
||||
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
|
||||
|
||||
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
|
||||
|
||||
|
||||
|
||||
/* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
|
||||
typedef struct time_info
|
||||
{
|
||||
|
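Review bot: The comment `/* limiting size of ipc replies */` added above REALLOC describes the opposite of what the macro does: `MAX((size),4*1024)` makes 4 KiB the minimum request and puts no upper bound on it. Now that the macro sits in smb.h and is visible to every file, I would reword the comment to `/* reallocate, never requesting less than 4k */` so nobody relies on it as a size limit. If MAX is the usual ternary macro (its definition is not visible here), `size` is also evaluated twice, so callers should not pass an expression with side effects.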
@ -4509,6 +4509,28 @@ char *tab_depth(int depth)
|
||||
return spaces;
|
||||
}
|
||||
|
||||
|
||||
/* array lookup of well-known RID aliases. the purpose of these escapes me.. */
|
||||
static struct
|
||||
{
|
||||
uint32 rid;
|
||||
char *rid_name;
|
||||
|
||||
} rid_lookups[] =
|
||||
{
|
||||
{ DOMAIN_ALIAS_RID_ADMINS , "admins" },
|
||||
{ DOMAIN_ALIAS_RID_USERS , "users" },
|
||||
{ DOMAIN_ALIAS_RID_GUESTS , "guests" },
|
||||
{ DOMAIN_ALIAS_RID_POWER_USERS , "power_users" },
|
||||
|
||||
{ DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" },
|
||||
{ DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" },
|
||||
{ DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" },
|
||||
{ DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" },
|
||||
{ DOMAIN_ALIAS_RID_REPLICATOR , "replicator" },
|
||||
{ 0 , NULL }
|
||||
};
|
||||
|
||||
int make_domain_gids(char *gids_str, DOM_GID *gids)
|
||||
{
|
||||
char *ptr;
|
||||
@ -4523,12 +4545,26 @@ int make_domain_gids(char *gids_str, DOM_GID *gids)
|
||||
{
|
||||
/* the entries are of the form GID/ATTR, ATTR being optional.*/
|
||||
char *attr;
|
||||
uint32 rid = 0;
|
||||
int i;
|
||||
|
||||
attr = strchr(s2,'/');
|
||||
if (attr) *attr++ = 0;
|
||||
if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
|
||||
|
||||
gids[count].gid = atoi(s2);
|
||||
/* look up the RID string and see if we can turn it into a rid number */
|
||||
for (i = 0; rid_lookups[i].rid_name != NULL; i++)
|
||||
{
|
||||
if (strequal(rid_lookups[i].rid_name, s2))
|
||||
{
|
||||
rid = rid_lookups[i].rid;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rid == 0) rid = atoi(s2);
|
||||
|
||||
gids[count].gid = rid;
|
||||
gids[count].attr = atoi(attr);
|
||||
|
||||
DEBUG(5,("group id: %d attr: %d\n", gids[count].gid, gids[count].attr));
|
||||
@ -4536,3 +4572,4 @@ int make_domain_gids(char *gids_str, DOM_GID *gids)
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
|
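Review bot: A name in "domain groups" that is neither in rid_lookups nor numeric ends up as RID 0, because the fallback `if (rid == 0) rid = atoi(s2);` cannot tell a literal 0 from a parse failure, so a misspelt alias name is stored in gids[] without any warning. I would parse with `strtoul(s2, &end, 10)` and skip the entry with a DEBUG(0) message when `end == s2 || *end != '\0'`. The writes to `gids[count]` also have no capacity check in the visible lines; the loop header and the size of the caller's array are outside the hunk, so that bound should be confirmed. The comment on rid_lookups ("the purpose of these escapes me..") would be more useful if it said that the table maps smb.conf names to the well-known alias RIDs from smb.h.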
@ -128,6 +128,8 @@ typedef struct
|
||||
char *szValidChars;
|
||||
char *szWorkGroup;
|
||||
char *szDomainController;
|
||||
char *szDomainAdminUsers;
|
||||
char *szDomainGuestUsers;
|
||||
char *szUsernameMap;
|
||||
char *szCharacterSet;
|
||||
char *szLogonScript;
|
||||
@ -447,6 +449,8 @@ struct parm_struct
|
||||
{"domain sid", P_USTRING, P_GLOBAL, &Globals.szDomainSID, NULL},
|
||||
{"domain groups", P_USTRING, P_GLOBAL, &Globals.szDomainGroups, NULL},
|
||||
{"domain controller",P_STRING, P_GLOBAL, &Globals.szDomainController,NULL},
|
||||
{"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL},
|
||||
{"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL},
|
||||
{"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL},
|
||||
{"character set", P_STRING, P_GLOBAL, &Globals.szCharacterSet, handle_character_set},
|
||||
{"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL},
|
||||
@ -865,6 +869,8 @@ FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases)
|
||||
|
||||
FN_GLOBAL_STRING(lp_domainsid,&Globals.szDomainSID)
|
||||
FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups)
|
||||
FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers)
|
||||
FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers)
|
||||
|
||||
FN_GLOBAL_BOOL(lp_dns_proxy,&Globals.bDNSproxy)
|
||||
FN_GLOBAL_BOOL(lp_wins_support,&Globals.bWINSsupport)
|
||||
|
@ -508,6 +508,7 @@ static void api_lsa_sam_logon( user_struct *vuser,
|
||||
pstring home_drive;
|
||||
pstring my_name;
|
||||
pstring my_workgroup;
|
||||
pstring domain_groups;
|
||||
pstring dom_sid;
|
||||
extern pstring myname;
|
||||
|
||||
@ -518,6 +519,9 @@ static void api_lsa_sam_logon( user_struct *vuser,
|
||||
|
||||
pstrcpy(samlogon_user, unistr2(q_l.sam_id.auth.id1.uni_user_name.buffer));
|
||||
|
||||
DEBUG(3,("SAM Logon. Domain:[%s]. User [%s]\n",
|
||||
lp_workgroup(), samlogon_user));
|
||||
|
||||
/* hack to get standard_sub_basic() to use the sam logon username */
|
||||
sam_logon_in_ssb = True;
|
||||
|
||||
@ -529,7 +533,28 @@ static void api_lsa_sam_logon( user_struct *vuser,
|
||||
pstrcpy(home_drive , lp_logon_drive ());
|
||||
pstrcpy(home_dir , lp_logon_home ());
|
||||
|
||||
num_gids = make_domain_gids(lp_domain_groups(), gids);
|
||||
/* any additional groups this user is in. e.g power users */
|
||||
pstrcpy(domain_groups, lp_domain_groups());
|
||||
|
||||
/* one RID group always added: 512 (Admin); 513 (Users); 514 (Guests) */
|
||||
|
||||
if (user_in_list(samlogon_user, lp_domain_guest_users()))
|
||||
{
|
||||
DEBUG(3,("domain guest access granted\n"));
|
||||
strcat(domain_groups, " 514/7 ");
|
||||
}
|
||||
else if (user_in_list(samlogon_user, lp_domain_admin_users()))
|
||||
{
|
||||
DEBUG(3,("domain admin access granted\n"));
|
||||
strcat(domain_groups, " 512/7 ");
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(3,("domain user access granted\n"));
|
||||
strcat(domain_groups, " 513/7 ");
|
||||
}
|
||||
|
||||
num_gids = make_domain_gids(domain_groups, gids);
|
||||
|
||||
sam_logon_in_ssb = False;
|
||||
|
||||
|
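Review bot: The strcat() calls in the guest/admin/user branches, e.g. `strcat(domain_groups, " 514/7 ");`, append eight bytes including the terminator to a pstring that pstrcpy has just filled from lp_domain_groups(), with no check that they fit. The pstring size and pstrcpy's truncation behaviour are not visible here, but a "domain groups" value close to that limit would be written past the end of the stack buffer. A guard before the if/else chain, `if (strlen(domain_groups) + sizeof(" 514/7 ") > sizeof(domain_groups))` followed by logging and skipping the append, would close that. The literals 512, 513 and 514 also duplicate DOMAIN_GROUP_RID_ADMINS, DOMAIN_GROUP_RID_USERS and DOMAIN_GROUP_RID_GUESTS, which this commit adds to smb.h; building the suffix from those defines would keep the two in step. api_lsa_sam_logon starts and ends outside these hunks.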
@ -52,8 +52,6 @@ extern fstring myworkgroup;
|
||||
#define ERROR_INVALID_LEVEL 124
|
||||
#define ERROR_MORE_DATA 234
|
||||
|
||||
#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
|
||||
|
||||
#define ACCESS_READ 0x01
|
||||
#define ACCESS_WRITE 0x02
|
||||
#define ACCESS_CREATE 0x04
|
||||
|