diff options
author | Luke Leighton <lkcl@samba.org> | 2000-02-28 19:41:09 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-02-28 19:41:09 +0000 |
commit | 79b2fd4af9cd9d4a29ef9adab1b179f51106a805 (patch) | |
tree | 16362726453b97ebb7a6982ae173f64627822e15 | |
parent | cd8e2e1cf94169a532794fc35d8030184131e579 (diff) | |
download | samba-79b2fd4af9cd9d4a29ef9adab1b179f51106a805.tar.gz samba-79b2fd4af9cd9d4a29ef9adab1b179f51106a805.tar.xz samba-79b2fd4af9cd9d4a29ef9adab1b179f51106a805.zip |
From Elrond@Wunder-Nett.org Tue Feb 29 05:53:10 2000
Date: Mon, 28 Feb 2000 17:29:48 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: _samr_query_sec_obj
Hi Luke,
- moved the SD-generation code out of
samrd/srv_samr_sam_tdb.c:_samr_query_sec_obj into its own
samrd/samr_util.c
- updated the SD to have the same order and include
Builtin\Account Operators, as seen on an nt4sp4 ws.
- used this function in samrpassd (which was broken here
and usrmgr didn't work) and samrtdbd (for consistency)
(I can't compile-check samrnt5ldap, so I will send Luke
Howard a patch to inspect.)
- clean-up: Mainly policy-handles... but also other stuff
- debugging and type-checking of data associated with
POLICY_HND in samrtdbd
(I suspect, there's a problem in sam_query_sec_obj, see
the new WARNING, that appears.)
- rpcclient/samedit: enumaliases has new option:
[-d Domain], so I could do "enumaliases -d Builtin"
After this patch my usrmgr worked better, but now it looks
like it is thinking, it talks to a WS instead of a server.
I can't see the domain-groups, only aliases, and in the
user-properties, there are only 3 buttons for "Groups",
"Profiles" and "RAS", the others are missing... I tried a
long time to find out about it... I failed, so could you
have a look at this?
[lkcl: this because winregd is returning "i am a wksta"]
Okay, and another thing:
You seemed to look for the bit on the user-objects, that
allows password-changing: I think, it must be 0x0004,
cause:
Everyone has: 0x2035b
Normal user : 0x20044
0x20040 is included in the bits, everyone has, 0x0004 is
left over....
Just some thoughts...
Elrond
-rw-r--r-- | source/Makefile.in | 21 | ||||
-rw-r--r-- | source/include/sids.h | 2 | ||||
-rw-r--r-- | source/lib/sids.c | 7 | ||||
-rw-r--r-- | source/lib/util_hnd.c | 4 | ||||
-rw-r--r-- | source/lib/util_sid.c | 2 | ||||
-rw-r--r-- | source/rpc_client/cli_samr.c | 5 | ||||
-rw-r--r-- | source/rpc_parse/parse_samr.c | 91 | ||||
-rw-r--r-- | source/rpc_server/srv_samr.c | 10 | ||||
-rw-r--r-- | source/rpcclient/cmd_samr.c | 26 | ||||
-rw-r--r-- | source/rpcclient/display_sec.c | 14 | ||||
-rw-r--r-- | source/samrd/samr_util.c | 89 | ||||
-rw-r--r-- | source/samrd/srv_samr_dom_tdb.c | 2 | ||||
-rw-r--r-- | source/samrd/srv_samr_passdb.c | 5 | ||||
-rw-r--r-- | source/samrd/srv_samr_sam_tdb.c | 46 | ||||
-rw-r--r-- | source/samrd/srv_samr_tdb.c | 34 |
15 files changed, 226 insertions, 132 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index 395df94e3c1..11aeccead22 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -307,19 +307,22 @@ SAMRTDBLIB_OBJ = lib/util_pwdb.o lib/domain_namemap.o \ samrd/srv_samr_usr_tdb.o \ samrd/srv_samr_grp_tdb.o \ samrd/srv_samr_als_tdb.o \ - samrd/srv_samr_tdb.o + samrd/srv_samr_tdb.o \ + samrd/samr_util.o SAMRNT5LDAPLIB_OBJ = lib/util_pwdb.o lib/domain_namemap.o \ samrd/srv_samr_usr_nt5ldap.o \ samrd/srv_samr_dom_nt5ldap.o \ - samrd/srv_samr_nt5ldap.o + samrd/srv_samr_nt5ldap.o \ + samrd/samr_util.o # samrd/srv_samr_sam_nt5ldap.o \ # samrd/srv_samr_grp_nt5ldap.o \ # samrd/srv_samr_als_nt5ldap.o \ SAMRPASSLIB_OBJ = rpc_server/srv_lookup.o \ samrd/srv_samr_passdb.o \ - smbd/chgpasswd.o + smbd/chgpasswd.o \ + samrd/samr_util.o SAMRD_OBJ1 = samrd/samrd.o \ rpc_server/srv_pipe_ntlmssp.o \ @@ -411,13 +414,17 @@ LIBSURS_OBJ = lib/surs.o lib/sursalgdomonly.o \ lib/sursalgnt5ldap.o \ lib/surstdb.o -SAMRD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAM_PWDB_LIB) $(LIBSURS) +SAMRD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAM_PWDB_LIB) \ + $(LIBSURS) -SAMRPASSD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRPASSLIB) $(SMBPWLIB) +SAMRPASSD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRPASSLIB) $(SMBPWLIB) \ + $(LIBSURS) -SAMRTDBD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRTDBLIB) +SAMRTDBD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRTDBLIB) \ + $(LIBSURS) -SAMRNT5LDAPD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRNT5LDAPLIB) +SAMRNT5LDAPD_LIBS = $(SAMBA_LIBS) $(UBIQXLIB) $(SAMRNT5LDAPLIB) \ + $(LIBSURS) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \ diff --git a/source/include/sids.h b/source/include/sids.h index f4a8d83b680..12ec6714e01 100644 --- a/source/include/sids.h +++ b/source/include/sids.h @@ -36,4 +36,6 @@ extern DOM_SID global_sid_S_1_3; /* Creator Owner */ extern DOM_SID global_sid_S_1_5; /* NT Authority */ extern DOM_SID global_sid_system; /* SYSTEM */ +extern const DOM_SID *global_sid_everyone; + #endif /* _SIDS_H */ diff --git a/source/lib/sids.c b/source/lib/sids.c index 56d6a9c21d4..3e66c09e213 100644 --- a/source/lib/sids.c +++ b/source/lib/sids.c @@ -2,7 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. Samba utility functions - Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Tridgell 1992-2000, + Copyright (C) Elrond 2000 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -71,6 +72,8 @@ DOM_SID global_sid_S_1_5; /* NT Authority */ DOM_SID global_sid_system; /* NT System */ DOM_SID global_sid_S_1_1_0; /* everyone */ +const DOM_SID *global_sid_everyone = NULL; + struct sid_map { DOM_SID *sid; @@ -228,6 +231,8 @@ void generate_wellknown_sids(void) string_to_sid(&global_sid_S_1_3 , "S-1-3" ); string_to_sid(&global_sid_S_1_5 , "S-1-5" ); string_to_sid(&global_sid_system , "S-1-5-17"); + + global_sid_everyone = &global_sid_S_1_1_0; } /**************************************************************************** diff --git a/source/lib/util_hnd.c b/source/lib/util_hnd.c index 6e0fd73c7ff..7715ba7aefc 100644 --- a/source/lib/util_hnd.c +++ b/source/lib/util_hnd.c @@ -5,6 +5,7 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Elrond 2000 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -313,7 +314,8 @@ BOOL set_policy_state(struct policy_cache *cache, POLICY_HND *hnd, if (p && p->open) { - DEBUG(3,("Setting policy state pnum=%x\n", p->pnum)); + DEBUG(3, ("policy(pnum=%x %s): Setting policy state\n", + p->pnum, pol_get_name(p))); p->dev = dev; p->free_fn = fn; diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index b0a82877146..9861aecf25a 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -47,7 +47,7 @@ char *sid_to_string(pstring sidstr_out, const DOM_SID *sid) pstrcat(sidstr_out, subauth); } - DEBUG(7,("sid_to_string returning %s\n", sidstr_out)); + DEBUG(20, ("sid_to_string returning %s\n", sidstr_out)); return sidstr_out; } diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index 64659327fa6..b233f70e15a 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -4,6 +4,7 @@ NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1994-2000 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Elrond 2000 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -331,6 +332,8 @@ uint32 samr_enum_dom_groups( POLICY_HND *pol, SAMR_R_ENUM_DOM_GROUPS r_e; BOOL p; + ZERO_STRUCT(r_e); + samr_io_r_enum_dom_groups("", &r_e, &rdata, 0); status = r_e.status; @@ -2024,7 +2027,7 @@ BOOL samr_query_useraliases( const POLICY_HND *pol, prs_init(&rdata, 0, 4, True ); /* store the parameters */ - make_samr_q_query_useraliases(&q_o, pol, ptr_sid, sid); + make_samr_q_query_useraliases(&q_o, pol, 1, ptr_sid, sid); /* turn parameters into data stream */ if (samr_io_q_query_useraliases("", &q_o, &data, 0) && diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 1d4b8950029..1e92b235b82 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -2,9 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Paul Ashton 1997-1999. + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Paul Ashton 1997-2000, + * Copyright (C) Elrond 2000 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -367,7 +368,7 @@ BOOL make_samr_q_query_sec_obj(SAMR_Q_QUERY_SEC_OBJ *q_u, DEBUG(5,("samr_make_samr_q_query_sec_obj\n")); - memcpy(&q_u->user_pol, user_pol, sizeof(q_u->user_pol)); + q_u->user_pol = *user_pol; q_u->sec_info = sec_info; return True; @@ -404,7 +405,7 @@ BOOL make_samr_q_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, DEBUG(5,("samr_make_samr_q_query_dom_info\n")); - memcpy(&q_u->domain_pol, domain_pol, sizeof(q_u->domain_pol)); + q_u->domain_pol = *domain_pol; q_u->switch_value = switch_value; return True; @@ -762,11 +763,11 @@ static BOOL sam_io_sam_str1(char *desc, SAM_STR1 *sam, uint32 acct_buf, uint32 prs_align(ps); - smb_io_unistr2("unistr2", &(sam->uni_acct_name), acct_buf, ps, depth); /* account name unicode string */ + smb_io_unistr2("name", &(sam->uni_acct_name), acct_buf, ps, depth); /* account name unicode string */ prs_align(ps); - smb_io_unistr2("unistr2", &(sam->uni_full_name), name_buf, ps, depth); /* full name unicode string */ + smb_io_unistr2("full_name", &(sam->uni_full_name), name_buf, ps, depth); /* full name unicode string */ prs_align(ps); - smb_io_unistr2("unistr2", &(sam->uni_acct_desc), desc_buf, ps, depth); /* account desc unicode string */ + smb_io_unistr2("desc", &(sam->uni_acct_desc), desc_buf, ps, depth); /* account desc unicode string */ prs_align(ps); return True; @@ -1063,7 +1064,7 @@ BOOL make_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_e, POLICY_HND *pol, DEBUG(5,("make_samr_q_enum_dom_users\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->start_idx = start_idx; /* zero indicates lots */ q_e->acb_mask = acb_mask; @@ -1201,7 +1202,7 @@ BOOL make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol, DEBUG(5,("make_samr_q_query_dispinfo\n")); - memcpy(&(q_e->domain_pol), pol, sizeof(*pol)); + q_e->domain_pol = *pol; q_e->switch_level = switch_level; @@ -1709,7 +1710,7 @@ BOOL make_samr_q_open_group(SAMR_Q_OPEN_GROUP *q_c, DEBUG(5,("make_samr_q_open_group\n")); - memcpy(&(q_c->domain_pol), hnd, sizeof(q_c->domain_pol)); + q_c->domain_pol = *hnd; q_c->access_mask = access_mask; q_c->rid_group = rid; @@ -1898,7 +1899,7 @@ BOOL make_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP *q_e, DEBUG(5,("make_samr_q_create_dom_group\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; make_uni_hdr(&(q_e->hdr_acct_desc), acct_len); make_unistr2(&(q_e->uni_acct_desc), acct_desc, acct_len); @@ -1963,7 +1964,7 @@ BOOL make_samr_q_delete_dom_group(SAMR_Q_DELETE_DOM_GROUP *q_c, POLICY_HND *hnd) DEBUG(5,("make_samr_q_delete_dom_group\n")); - memcpy(&(q_c->group_pol), hnd, sizeof(q_c->group_pol)); + q_c->group_pol = *hnd; return True; } @@ -2015,14 +2016,13 @@ BOOL make_samr_q_del_groupmem(SAMR_Q_DEL_GROUPMEM *q_e, DEBUG(5,("make_samr_q_del_groupmem\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->rid = rid; return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -2089,7 +2089,7 @@ BOOL make_samr_q_add_groupmem(SAMR_Q_ADD_GROUPMEM *q_e, DEBUG(5,("make_samr_q_add_groupmem\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->rid = rid; q_e->unknown = 0x0005; @@ -2164,7 +2164,7 @@ BOOL make_samr_q_set_groupinfo(SAMR_Q_SET_GROUPINFO *q_e, DEBUG(5,("make_samr_q_set_groupinfo\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->ctr = ctr; return True; @@ -2236,7 +2236,7 @@ BOOL make_samr_q_query_groupinfo(SAMR_Q_QUERY_GROUPINFO *q_e, DEBUG(5,("make_samr_q_query_groupinfo\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->switch_level = switch_level; @@ -2282,7 +2282,6 @@ BOOL make_samr_r_query_groupinfo(SAMR_R_QUERY_GROUPINFO *r_u, GROUP_INFO_CTR *ct return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -2317,7 +2316,7 @@ BOOL make_samr_q_query_groupmem(SAMR_Q_QUERY_GROUPMEM *q_c, POLICY_HND *hnd) DEBUG(5,("make_samr_q_query_groupmem\n")); - memcpy(&(q_c->group_pol), hnd, sizeof(q_c->group_pol)); + q_c->group_pol = *hnd; return True; } @@ -2608,14 +2607,15 @@ BOOL samr_io_r_query_usergroups(char *desc, SAMR_R_QUERY_USERGROUPS *r_u, prs_st /******************************************************************* makes a SAMR_Q_ENUM_DOMAINS structure. ********************************************************************/ -BOOL make_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS *q_e, POLICY_HND *pol, - uint32 start_idx, uint32 size) +BOOL make_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS *q_e, + const POLICY_HND *pol, + uint32 start_idx, uint32 size) { if (q_e == NULL || pol == NULL) return False; DEBUG(5,("make_samr_q_enum_domains\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->start_idx = start_idx; q_e->max_size = size; @@ -2623,7 +2623,6 @@ BOOL make_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS *q_e, POLICY_HND *pol, return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -2741,17 +2740,19 @@ BOOL samr_io_r_enum_domains(char *desc, SAMR_R_ENUM_DOMAINS *r_u, prs_struct *ps return True; } + /******************************************************************* makes a SAMR_Q_ENUM_DOM_GROUPS structure. ********************************************************************/ -BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, - uint32 start_idx, uint32 size) +BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, + const POLICY_HND *pol, + uint32 start_idx, uint32 size) { if (q_e == NULL || pol == NULL) return False; DEBUG(5,("make_samr_q_enum_dom_groups\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->start_idx = start_idx; q_e->max_size = size; @@ -2759,7 +2760,6 @@ BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -2883,7 +2883,7 @@ BOOL make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, DEBUG(5,("make_samr_q_enum_dom_aliases\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->start_idx = start_idx; q_e->max_size = size; @@ -3023,7 +3023,6 @@ BOOL make_samr_alias_info3(ALIAS_INFO3 *al3, const char *acct_desc) return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -3080,21 +3079,19 @@ BOOL samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR *ctr, prs_struct *ps, int d makes a SAMR_Q_QUERY_ALIASINFO structure. ********************************************************************/ BOOL make_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_e, - POLICY_HND *pol, - uint16 switch_level) + const POLICY_HND *pol, uint16 switch_level) { if (q_e == NULL || pol == NULL) return False; DEBUG(5,("make_samr_q_query_aliasinfo\n")); - memcpy(&(q_e->pol), pol, sizeof(*pol)); + q_e->pol = *pol; q_e->switch_level = switch_level; return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -3115,12 +3112,11 @@ BOOL samr_io_q_query_aliasinfo(char *desc, SAMR_Q_QUERY_ALIASINFO *q_e, prs_str return True; } - /******************************************************************* makes a SAMR_R_QUERY_ALIASINFO structure. ********************************************************************/ -BOOL make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, ALIAS_INFO_CTR *ctr, - uint32 status) +BOOL make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, + ALIAS_INFO_CTR *ctr, uint32 status) { if (r_u == NULL) return False; @@ -3133,7 +3129,6 @@ BOOL make_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *r_u, ALIAS_INFO_CTR *ct return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -3162,20 +3157,20 @@ BOOL samr_io_r_query_aliasinfo(char *desc, SAMR_R_QUERY_ALIASINFO *r_u, prs_str /******************************************************************* makes a SAMR_Q_SET_ALIASINFO structure. ********************************************************************/ -BOOL make_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO *q_u, POLICY_HND *hnd, - ALIAS_INFO_CTR *ctr) +BOOL make_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO *q_u, + const POLICY_HND *hnd, + ALIAS_INFO_CTR *ctr) { if (q_u == NULL) return False; DEBUG(5,("make_samr_q_set_aliasinfo\n")); - memcpy(&(q_u->alias_pol), hnd, sizeof(q_u->alias_pol)); + q_u->alias_pol = *hnd; q_u->ctr = ctr; return True; } - /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -3211,23 +3206,23 @@ BOOL samr_io_r_set_aliasinfo(char *desc, SAMR_R_SET_ALIASINFO *r_u, prs_struct } - /******************************************************************* makes a SAMR_Q_QUERY_USERALIASES structure. ********************************************************************/ BOOL make_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u, - const POLICY_HND *hnd, - uint32 *ptr_sid, DOM_SID2 *sid) + const POLICY_HND *hnd, + uint32 num_sids, + uint32 *ptr_sid, DOM_SID2 *sid) { if (q_u == NULL || hnd == NULL) return False; DEBUG(5,("make_samr_q_query_useraliases\n")); - memcpy(&(q_u->pol), hnd, sizeof(q_u->pol)); + q_u->pol = *hnd; - q_u->num_sids1 = 1; + q_u->num_sids1 = num_sids; q_u->ptr = 1; - q_u->num_sids2 = 1; + q_u->num_sids2 = num_sids; q_u->ptr_sid = ptr_sid; q_u->sid = sid; diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c index d92e299cb50..23553722cf8 100644 --- a/source/rpc_server/srv_samr.c +++ b/source/rpc_server/srv_samr.c @@ -28,12 +28,6 @@ extern int DEBUGLEVEL; -extern fstring global_sam_name; -extern pstring global_myname; -extern DOM_SID global_sam_sid; -extern DOM_SID global_sid_S_1_1; -extern DOM_SID global_sid_S_1_5_20; - /******************************************************************* api_samr_close_hnd ********************************************************************/ @@ -123,6 +117,10 @@ static BOOL api_samr_query_sec_obj( rpcsrv_struct *p, prs_struct *data, prs_stru } r_u.status = _samr_query_sec_obj(&q_u.user_pol, &r_u.buf); + if (r_u.buf.len == 0) + { + return False; + } r_u.ptr = 1; /* man, we don't have any choice! NT bombs otherwise! */ return samr_io_r_query_sec_obj("", &r_u, rdata, 0); } diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 874761644b8..cb010396e9e 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -3040,19 +3040,16 @@ void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[]) sid_to_string(sid, &sid1); fstrcpy(domain, info->dom.level5_dom); - if (sid1.num_auths == 0) - { - if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) != 0x0) - { - report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); - return; - } - } - - while ((opt = getopt(argc, argv, "ma")) != EOF) + while ((opt = getopt(argc, argv, "mad:")) != EOF) { switch (opt) { + case 'd': + { + fill_domain_sid(srv_name, optarg, + domain, &sid1); + break; + } case 'm': { request_member_info = True; @@ -3066,6 +3063,15 @@ void cmd_sam_enum_aliases(struct client_info *info, int argc, char *argv[]) } } + if (sid1.num_auths == 0) + { + if (msrpc_sam_get_first_domain(srv_name, domain, &sid1) != 0x0) + { + report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); + return; + } + } + report(out_hnd, "SAM Enumerate Aliases\n"); msrpc_sam_enum_aliases(srv_name, domain, &sid1, diff --git a/source/rpcclient/display_sec.c b/source/rpcclient/display_sec.c index 1916bdcb88d..e0e3bf0831c 100644 --- a/source/rpcclient/display_sec.c +++ b/source/rpcclient/display_sec.c @@ -21,12 +21,13 @@ */ #include "includes.h" +#include "rpcclient.h" /**************************************************************************** convert a security permissions into a string ****************************************************************************/ -char *get_sec_mask_str(uint32 type) +static const char *get_sec_mask_str(uint32 type) { static fstring typestr; int i; @@ -90,7 +91,7 @@ char *get_sec_mask_str(uint32 type) /**************************************************************************** display sec_access structure ****************************************************************************/ -void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *const info) +static void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *const info) { switch (action) { @@ -113,7 +114,7 @@ void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *cons /**************************************************************************** display sec_ace structure ****************************************************************************/ -void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace) +static void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace) { switch (action) { @@ -126,6 +127,11 @@ void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace) { fstring sid_str; + report(out_hnd, + "\t\tType:%2x Flags:%2x Perms:%04x\n", + ace->type, ace->flags, + (uint32) ace->info.mask); + display_sec_access(out_hnd, ACTION_HEADER , &ace->info); display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info); display_sec_access(out_hnd, ACTION_FOOTER , &ace->info); @@ -143,7 +149,7 @@ void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace) /**************************************************************************** display sec_acl structure ****************************************************************************/ -void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *const sec_acl) +static void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *const sec_acl) { if (sec_acl == NULL) { diff --git a/source/samrd/samr_util.c b/source/samrd/samr_util.c new file mode 100644 index 00000000000..2d1c2f06b8d --- /dev/null +++ b/source/samrd/samr_util.c @@ -0,0 +1,89 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Sander Striker 2000, + * Copyright (C) Elrond 2000 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#include "includes.h" +#include "rpc_parse.h" +#include "nterr.h" +#include "sids.h" + +extern int DEBUGLEVEL; + + +/******************************************************************* + samr_make_usr_obj_sd + ********************************************************************/ +uint32 samr_make_usr_obj_sd(SEC_DESC_BUF *buf, DOM_SID *usr_sid) +{ + DOM_SID adm_sid; + DOM_SID act_sid; + DOM_SID glb_sid; + + SEC_ACL *dacl = NULL; + SEC_ACE *dace = NULL; + SEC_ACCESS mask; + SEC_DESC *sec = NULL; + int len; + + DEBUG(15, ("samr_make_usr_obj_sd: %d\n", __LINE__)); + + dacl = malloc(sizeof(*dacl)); + dace = malloc(4 * sizeof(*dace)); + sec = malloc(sizeof(*sec)); + + if (dacl == NULL || dace == NULL || sec == NULL) + { + safe_free(dacl); + safe_free(dace); + safe_free(sec); + return NT_STATUS_NO_MEMORY; + } + + sid_copy(&adm_sid, &global_sid_S_1_5_20); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_S_1_5_20); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + sid_copy(&glb_sid, global_sid_everyone); + + mask.mask = 0x2035b; + make_sec_ace(&dace[0], &glb_sid, 0, mask, 0); + mask.mask = 0xf07ff; + make_sec_ace(&dace[1], &adm_sid, 0, mask, 0); + make_sec_ace(&dace[2], &act_sid, 0, mask, 0); + mask.mask = 0x20044; + make_sec_ace(&dace[3], usr_sid, 0, mask, 0); + + make_sec_acl(dacl, 2, 4, dace); + + len = make_sec_desc(sec, 1, + SEC_DESC_DACL_PRESENT|SEC_DESC_SELF_RELATIVE, + NULL, NULL, NULL, dacl); + + make_sec_desc_buf(buf, len, sec); + buf->undoc = 0x1; + + return NT_STATUS_NOPROBLEMO; +} diff --git a/source/samrd/srv_samr_dom_tdb.c b/source/samrd/srv_samr_dom_tdb.c index 32d1c256a14..72ff69cf943 100644 --- a/source/samrd/srv_samr_dom_tdb.c +++ b/source/samrd/srv_samr_dom_tdb.c @@ -104,6 +104,8 @@ uint32 _samr_open_domain(const POLICY_HND *connect_pol, return NT_STATUS_ACCESS_DENIED; } + policy_hnd_set_name(get_global_hnd_cache(), domain_pol, "domain_pol"); + /* associate the domain SID with the (unique) handle. */ if (!set_tdbdomsid(get_global_hnd_cache(), domain_pol, NULL, NULL, NULL, NULL, NULL, sid)) diff --git a/source/samrd/srv_samr_passdb.c b/source/samrd/srv_samr_passdb.c index d866fb696f0..5359d2895eb 100644 --- a/source/samrd/srv_samr_passdb.c +++ b/source/samrd/srv_samr_passdb.c @@ -193,12 +193,9 @@ static uint32 samr_open_by_sid( const POLICY_HND *parent_pol, ********************************************************************/ uint32 _samr_close(POLICY_HND *hnd) { - /* set up the SAMR unknown_1 response */ - /* close the policy handle */ if (close_policy_hnd(get_global_hnd_cache(), hnd)) { - bzero(hnd, sizeof(*hnd)); return NT_STATUS_NOPROBLEMO; } return NT_STATUS_OBJECT_NAME_INVALID; @@ -311,7 +308,7 @@ uint32 _samr_query_sec_obj(const POLICY_HND *user_pol, SEC_DESC_BUF *buf) #endif DEBUG(5,("samr_query_sec_obj: %d\n", __LINE__)); - return NT_STATUS_NOPROBLEMO; + return samr_make_usr_obj_sd(buf, &usr_sid); } /******************************************************************* diff --git a/source/samrd/srv_samr_sam_tdb.c b/source/samrd/srv_samr_sam_tdb.c index 2f81392ab5e..d8379100629 100644 --- a/source/samrd/srv_samr_sam_tdb.c +++ b/source/samrd/srv_samr_sam_tdb.c @@ -143,6 +143,8 @@ static uint32 tdb_samr_connect( POLICY_HND *pol, uint32 ace_perms) return NT_STATUS_ACCESS_DENIED; } + policy_hnd_set_name(get_global_hnd_cache(), pol, "sam_connect"); + become_root(True); sam_tdb = tdb_open(passdb_path("sam.tdb"), 0, 0, O_RDONLY, 0644); unbecome_root(True); @@ -306,14 +308,7 @@ uint32 _samr_query_sec_obj(const POLICY_HND *pol, SEC_DESC_BUF *buf) { uint32 rid; DOM_SID usr_sid; - DOM_SID adm_sid; - DOM_SID glb_sid; TDB_CONTEXT *tdb = NULL; - SEC_ACL *dacl = NULL; - SEC_ACE *dace = NULL; - SEC_ACCESS mask; - SEC_DESC *sec = NULL; - int len; /* find the policy handle. open a policy on it. */ if (!get_tdbrid(get_global_hnd_cache(), pol, &tdb, NULL, NULL, &rid)) @@ -321,45 +316,10 @@ uint32 _samr_query_sec_obj(const POLICY_HND *pol, SEC_DESC_BUF *buf) return NT_STATUS_INVALID_HANDLE; } - dacl = malloc(sizeof(*dacl)); - dace = malloc(3 * sizeof(*dace)); - sec = malloc(sizeof(*sec)); - - if (dacl == NULL || dace == NULL || sec == NULL) - { - safe_free(dacl); - safe_free(dace); - safe_free(sec); - return NT_STATUS_NO_MEMORY; - } - sid_copy(&usr_sid, &global_sam_sid); sid_append_rid(&usr_sid, rid); - sid_copy(&adm_sid, &global_sid_S_1_5_20); - sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); - - sid_copy(&glb_sid, &global_sid_S_1_1); - sid_append_rid(&glb_sid, 0x0); - - - mask.mask = 0x20044; - make_sec_ace(&dace[0], &usr_sid, 0, mask, 0); - mask.mask = 0xf07ff; - make_sec_ace(&dace[1], &adm_sid, 0, mask, 0); - mask.mask = 0x2035b; - make_sec_ace(&dace[2], &glb_sid, 0, mask, 0); - - make_sec_acl(dacl, 2, 3, dace); - - len = make_sec_desc(sec, 1, - SEC_DESC_DACL_PRESENT|SEC_DESC_SELF_RELATIVE, - NULL, NULL, NULL, dacl); - - make_sec_desc_buf(buf, len, sec); - buf->undoc = 0x1; - DEBUG(5,("samr_query_sec_obj: %d\n", __LINE__)); - return NT_STATUS_NOPROBLEMO; + return samr_make_usr_obj_sd(buf, &usr_sid);; } diff --git a/source/samrd/srv_samr_tdb.c b/source/samrd/srv_samr_tdb.c index bd905f48f17..3d9df8abd18 100644 --- a/source/samrd/srv_samr_tdb.c +++ b/source/samrd/srv_samr_tdb.c @@ -65,6 +65,11 @@ typedef struct tdb_sam_info } TDB_SAM_INFO; + +#define POL_TYPE_TDBRID 1 +#define POL_TYPE_TDBSAM 2 + + static void free_tdbdom_info(void *dev) { TDB_DOM_INFO *tdbi = (TDB_DOM_INFO *) dev; @@ -152,6 +157,8 @@ BOOL set_tdbrid(struct policy_cache *cache, POLICY_HND *hnd, (void *)dev)) { DEBUG(3, ("Service setting policy rid=%x\n", rid)); + policy_hnd_set_state_type(cache, hnd, + POL_TYPE_TDBRID); return True; } free(dev); @@ -168,8 +175,14 @@ BOOL get_tdbrid(struct policy_cache *cache, const POLICY_HND *hnd, TDB_CONTEXT ** usr_tdb, TDB_CONTEXT ** grp_tdb, TDB_CONTEXT ** als_tdb, uint32 * rid) { - TDB_RID_INFO *dev = - (TDB_RID_INFO *) get_policy_state_info(cache, hnd); + TDB_RID_INFO *dev; + + if (!policy_hnd_check_state_type(cache, hnd, POL_TYPE_TDBRID)) + { + DEBUG(1, ("WARNING: get_tdbrid: handle has wrong type!\n")); + } + + dev = (TDB_RID_INFO *) get_policy_state_info(cache, hnd); if (dev != NULL) { @@ -203,7 +216,6 @@ BOOL get_tdbrid(struct policy_cache *cache, const POLICY_HND *hnd, BOOL set_tdbsam(struct policy_cache *cache, POLICY_HND *hnd, TDB_CONTEXT * tdb) { - pstring sidstr; TDB_SAM_INFO *dev = malloc(sizeof(*dev)); if (dev != NULL) @@ -213,7 +225,9 @@ BOOL set_tdbsam(struct policy_cache *cache, POLICY_HND *hnd, if (set_policy_state (cache, hnd, free_tdbsam_info, (void *)dev)) { - DEBUG(3, ("Service setting policy sid=%s\n", sidstr)); + DEBUG(3, ("Service setting policy sam\n")); + policy_hnd_set_state_type(cache, hnd, + POL_TYPE_TDBSAM); return True; } free(dev); @@ -229,8 +243,14 @@ BOOL set_tdbsam(struct policy_cache *cache, POLICY_HND *hnd, BOOL get_tdbsam(struct policy_cache *cache, const POLICY_HND *hnd, TDB_CONTEXT ** tdb) { - TDB_SAM_INFO *dev = - (TDB_SAM_INFO *) get_policy_state_info(cache, hnd); + TDB_SAM_INFO *dev; + + if (!policy_hnd_check_state_type(cache, hnd, POL_TYPE_TDBSAM)) + { + DEBUG(1, ("WARNING: get_tdbsam: handle has wrong type!\n")); + } + + dev = (TDB_SAM_INFO *) get_policy_state_info(cache, hnd); if (dev != NULL) { @@ -427,6 +447,8 @@ uint32 samr_open_user_tdb(const POLICY_HND *parent_pol, return NT_STATUS_ACCESS_DENIED; } + policy_hnd_set_name(get_global_hnd_cache(), pol, "sam_user"); + if (usr_tdb == NULL && ace_perms == SEC_RIGHTS_MAXIMUM_ALLOWED) { DEBUG(10, ("samr_open_user_tdb: max perms requested\n")); |