diff options
| author | Luke Leighton <lkcl@samba.org> | 2000-03-14 20:53:28 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 2000-03-14 20:53:28 +0000 |
| commit | 382339e96a2b242b959c610d994ae37472f15053 (patch) | |
| tree | 0f6e66c96ca400f4bb99c494f3109fbb12423f3c | |
| parent | 7575231df0474a344371c626d73e02c69c963a85 (diff) | |
| download | samba-382339e96a2b242b959c610d994ae37472f15053.tar.gz samba-382339e96a2b242b959c610d994ae37472f15053.tar.xz samba-382339e96a2b242b959c610d994ae37472f15053.zip | |
From Elrond@Wunder-Nett.org Wed Mar 15 06:14:36 2000
Date: Tue, 14 Mar 2000 19:23:04 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: Re: _lsa_lookup_names
On Tue, Mar 14, 2000 at 08:20:26AM +1100, Luke Kenneth Casson Leighton wrote:
> elrond, this function isn't used, yet.
I did the conversion this morning and the diff is
appended.
[lkcl: thanks elrond]
I also added some more handle-names. Hope someone else
likes them. ;)
[lkcl: me! me! :)]
Elrond
| -rw-r--r-- | source/Makefile.in | 7 | ||||
| -rwxr-xr-x | source/configure.developer | 2 | ||||
| -rw-r--r-- | source/include/proto.h | 4 | ||||
| -rw-r--r-- | source/include/rpc_lsa.h | 2 | ||||
| -rw-r--r-- | source/lsarpcd/srv_lsa.c | 192 | ||||
| -rw-r--r-- | source/lsarpcd/srv_lsa_samdb.c | 15 | ||||
| -rw-r--r-- | source/msrpc/msrpcd_process.c | 4 | ||||
| -rw-r--r-- | source/rpc_client/cli_pipe_noauth.c | 1 | ||||
| -rw-r--r-- | source/rpc_client/cli_pipe_ntlmssp.c | 1 | ||||
| -rw-r--r-- | source/rpc_client/cli_samr.c | 8 | ||||
| -rw-r--r-- | source/rpcclient/cmd_netlogon.c | 100 |
11 files changed, 159 insertions, 177 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index a0dfeed6cc0..dc4227a2dfa 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -1074,7 +1074,8 @@ nsswitch/ntdom.so: $(NSS_OBJ) @echo "Linking $@" @$(LD) @LDSHFLAGS@ -o $@ $(NSS_OBJ) -lc -install: installdirs \ +install: all \ + installdirs \ install-libs installbin install-sbin \ installman installscripts installcp installswat @@ -1090,13 +1091,13 @@ install-libs: $(SHARED_LIBS) installdirs $(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(LIBDIR); \ done -installbin: all installdirs +installbin: $(PROGS) installdirs @list='$(PROGS)'; for p in $$list; do \ echo Installing $$p in $(BINDIR) using libtool; \ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(BINDIR); \ done -install-sbin: all installdirs +install-sbin: $(SPROGS) installdirs @list='$(SPROGS)'; for p in $$list; do \ echo Installing $$p in $(SBINDIR) using libtool; \ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(SBINDIR); \ diff --git a/source/configure.developer b/source/configure.developer index ab732416f1e..efc6e23fc42 100755 --- a/source/configure.developer +++ b/source/configure.developer @@ -1,3 +1,3 @@ #!/bin/sh -CFLAGS="-g -O2 -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD"; export CFLAGS +CFLAGS="-g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD"; export CFLAGS ./configure $* diff --git a/source/include/proto.h b/source/include/proto.h index ed8f37fe030..148532a218f 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1163,6 +1163,10 @@ uint32 _lsa_open_policy(const UNISTR2 *server_name, POLICY_HND *hnd, uint32 _lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx, uint32 *num_doms, UNISTR2 **uni_names, DOM_SID ***sids); +uint32 _lsa_lookup_names(const POLICY_HND *pol, + uint32 num_entries, const UNISTR2 *name, + DOM_R_REF *ref, DOM_RID2 **ret_rid2, + uint32 *mapped_count); uint32 _lsa_lookup_sids(const POLICY_HND *hnd, uint32 num_entries, DOM_SID2 *sid, const LOOKUP_LEVEL *level, diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h index 3d6ae0289af..8d163a066c0 100644 --- a/source/include/rpc_lsa.h +++ b/source/include/rpc_lsa.h @@ -88,9 +88,9 @@ enum SID_NAME_USE /* ntlsa pipe */ #define LSA_CLOSE 0x00 +#define LSA_QUERYSECOBJECT 0x03 #define LSA_OPENPOLICY 0x06 #define LSA_QUERYINFOPOLICY 0x07 -#define LSA_QUERYSECOBJECT 0x03 #define LSA_ENUMTRUSTDOM 0x0d #define LSA_LOOKUPNAMES 0x0e #define LSA_LOOKUPSIDS 0x0f diff --git a/source/lsarpcd/srv_lsa.c b/source/lsarpcd/srv_lsa.c index 3bf4b43cb83..707d13d99b4 100644 --- a/source/lsarpcd/srv_lsa.c +++ b/source/lsarpcd/srv_lsa.c @@ -54,156 +54,28 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) make_dom_sid2(&(d_q->dom_sid), dom_sid); } -/*************************************************************************** -make_lsa_rid2s - ***************************************************************************/ -static uint32 get_remote_sid(const char *dom_name, char *find_name, - DOM_SID *sid, uint32 *rid, uint32 *sid_name_use) -{ - fstring srv_name; - fstring dummy; - uint32 status; - - DEBUG(10, ("lookup remote name: %s %s\n", - dom_name, find_name)); - - if (! get_any_dc_name(dom_name, srv_name)) - { - return 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - if (strequal(srv_name, "\\\\.")) - { - DEBUG(0, ("WARNING: infinite loop in lsarpcd !\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - - status = lookup_lsa_name(dom_name, find_name, - sid, sid_name_use); - - if (status == 0x0 && - (!sid_split_rid(sid, rid) || - !map_domain_sid_to_name(sid, dummy))) - { - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - return status; -} - -static void make_lsa_rid2s(DOM_R_REF *ref, - DOM_RID2 *rid2, - int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS], - uint32 *mapped_count) -{ - int i; - int total = 0; - (*mapped_count) = 0; - - SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); - - for (i = 0; i < num_entries; i++) - { - uint32 status = 0x0; - DOM_SID find_sid; - DOM_SID sid; - uint32 rid = 0xffffffff; - int dom_idx = -1; - char *find_name = NULL; - fstring dom_name; - fstring full_name; - uint32 sid_name_use = SID_NAME_UNKNOWN; - - unistr2_to_ascii(full_name, &name[i], sizeof(full_name)-1); - find_name = strdup(full_name); - - if (!split_domain_name(full_name, dom_name, find_name)) - { - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - if (status == 0x0 && map_domain_name_to_sid(&find_sid, - &find_name)) - { - sid_name_use = SID_NAME_DOMAIN; - dom_idx = make_dom_ref(ref, dom_name, &find_sid); - rid = 0xffffffff; - sid_copy(&sid, &find_sid); - } - else if (status == 0x0) - { - uint32 ret; - ret = lookup_sam_domainname("\\\\.", - dom_name, &find_sid); - - if (ret == 0x0) - { - pstring tmp; - sid_to_string(tmp, &find_sid); - DEBUG(10,("lookup sam name: %s %s\n", - tmp, find_name)); - status = lookup_sam_name(NULL, - &find_sid, - find_name, - &rid, &sid_name_use); - sid_copy(&sid, &find_sid); - } - else - { - status = get_remote_sid(dom_name, find_name, - &sid, &rid, - &sid_name_use); - } - } - - if (status == 0x0) - { - dom_idx = make_dom_ref(ref, find_name, &sid); - } - - if (status == 0x0) - { - (*mapped_count)++; - } - else - { - dom_idx = -1; - rid = 0xffffffff; - sid_name_use = SID_NAME_UNKNOWN; - } - - make_dom_rid2(&rid2[total], rid, sid_name_use, dom_idx); - total++; - - if (find_name != NULL) - { - free(find_name); - } - } -} /*************************************************************************** make_reply_lookup_names ***************************************************************************/ static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, - DOM_R_REF *ref, uint32 num_entries, - DOM_RID2 *rid2, uint32 mapped_count) + DOM_R_REF *ref, uint32 num_entries, + DOM_RID2 *rid2, uint32 mapped_count, + uint32 status) { - r_l->ptr_dom_ref = 1; + r_l->ptr_dom_ref = (ref != NULL ? 1 : 0); r_l->dom_ref = ref; + if (rid2 == NULL) num_entries = 0; + r_l->num_entries = num_entries; - r_l->ptr_entries = 1; + r_l->ptr_entries = (rid2 != NULL ? 1 : 0); r_l->num_entries2 = num_entries; r_l->dom_rid = rid2; r_l->mapped_count = mapped_count; - if (mapped_count == 0) - { - r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - } - else - { - r_l->status = 0x0; - } + r_l->status = status; } /*************************************************************************** @@ -247,28 +119,6 @@ static BOOL lsa_reply_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, prs_struct *rdata) return lsa_io_r_lookup_sids("", &r_l, rdata, 0); } -/*************************************************************************** -lsa_reply_lookup_names - ***************************************************************************/ -static BOOL lsa_reply_lookup_names(prs_struct *rdata, - UNISTR2 names[MAX_LOOKUP_SIDS], int num_entries) -{ - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 rids[MAX_LOOKUP_SIDS]; - uint32 mapped_count = 0; - - ZERO_STRUCT(r_l); - ZERO_STRUCT(ref); - ZERO_STRUCT(rids); - - /* set up the LSA Lookup RIDs response */ - make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count); - make_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count); - - /* store the response in the SMB stream */ - return lsa_io_r_lookup_names("", &r_l, rdata, 0); -} /*************************************************************************** api_lsa_open_policy @@ -412,7 +262,6 @@ static BOOL api_lsa_lookup_sids( rpcsrv_struct *p, prs_struct *data, return False; } - /* construct reply. return status is always 0x0 */ return lsa_reply_lookup_sids(&q_l, rdata); } @@ -424,7 +273,17 @@ static BOOL api_lsa_lookup_names( rpcsrv_struct *p, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_NAMES q_l; + LSA_R_LOOKUP_NAMES r_l; + DOM_R_REF ref; + DOM_RID2 *rids; + uint32 mapped_count = 0; + uint32 status; + uint32 ret; + ZERO_STRUCT(q_l); + ZERO_STRUCT(r_l); + ZERO_STRUCT(ref); + rids = NULL; /* grab the info class and policy handle */ if (!lsa_io_q_lookup_names("", &q_l, data, 0)) @@ -432,10 +291,21 @@ static BOOL api_lsa_lookup_names( rpcsrv_struct *p, prs_struct *data, return False; } - SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries); - return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries); + status = _lsa_lookup_names(&q_l.pol, + q_l.num_entries, q_l.uni_name, + &ref, &rids, &mapped_count); + + make_reply_lookup_names(&r_l, &ref, q_l.num_entries, rids, + mapped_count, status); + + /* store the response in the SMB stream */ + ret = lsa_io_r_lookup_names("", &r_l, rdata, 0); + + safe_free(rids); + + return ret; } /*************************************************************************** diff --git a/source/lsarpcd/srv_lsa_samdb.c b/source/lsarpcd/srv_lsa_samdb.c index f39560c2bb8..e8e081ee5bc 100644 --- a/source/lsarpcd/srv_lsa_samdb.c +++ b/source/lsarpcd/srv_lsa_samdb.c @@ -235,10 +235,10 @@ static uint32 get_remote_sid(const char *dom_name, char *find_name, return status; } -static uint32 _lsa_lookup_names(uint32 num_entries, const UNISTR2 *name, - DOM_R_REF *ref, - DOM_RID2 **ret_rid2, - uint32 *mapped_count) +uint32 _lsa_lookup_names(const POLICY_HND *pol, + uint32 num_entries, const UNISTR2 *name, + DOM_R_REF *ref, DOM_RID2 **ret_rid2, + uint32 *mapped_count) { int i; int total = 0; @@ -268,8 +268,8 @@ static uint32 _lsa_lookup_names(uint32 num_entries, const UNISTR2 *name, { status1 = NT_STATUS_NONE_MAPPED; } - if (status1 == NT_STATUS_NOPROBLEMO && map_domain_name_to_sid(&find_sid, - &find_name)) + if (status1 == NT_STATUS_NOPROBLEMO + && map_domain_name_to_sid(&find_sid, &find_name)) { sid_name_use = SID_NAME_DOMAIN; dom_idx = make_dom_ref(ref, dom_name, &find_sid); @@ -329,9 +329,6 @@ static uint32 _lsa_lookup_names(uint32 num_entries, const UNISTR2 *name, if ((*mapped_count) == 0) { - safe_free(rid2); - (*ret_rid2) = NULL; - return NT_STATUS_NONE_MAPPED; } else diff --git a/source/msrpc/msrpcd_process.c b/source/msrpc/msrpcd_process.c index 90309875fa2..c7edf8e3ccf 100644 --- a/source/msrpc/msrpcd_process.c +++ b/source/msrpc/msrpcd_process.c @@ -469,7 +469,9 @@ void msrpcd_process(msrpc_service_fns * fn, rpcsrv_struct * l, DEBUG(3, ("end of file from client\n")); if (fn->idle != NULL) { + become_root(False); fn->idle(); + unbecome_root(False); } return; } @@ -480,7 +482,9 @@ void msrpcd_process(msrpc_service_fns * fn, rpcsrv_struct * l, strerror(errno))); if (fn->idle != NULL) { + become_root(False); fn->idle(); + unbecome_root(False); } return; } diff --git a/source/rpc_client/cli_pipe_noauth.c b/source/rpc_client/cli_pipe_noauth.c index c403e8bf101..2eed511728c 100644 --- a/source/rpc_client/cli_pipe_noauth.c +++ b/source/rpc_client/cli_pipe_noauth.c @@ -30,7 +30,6 @@ #include "rpc_parse.h" extern int DEBUGLEVEL; -extern struct pipe_id_info pipe_names[]; extern pstring global_myname; /**************************************************************************** diff --git a/source/rpc_client/cli_pipe_ntlmssp.c b/source/rpc_client/cli_pipe_ntlmssp.c index fbbccc72796..f3b92deea5d 100644 --- a/source/rpc_client/cli_pipe_ntlmssp.c +++ b/source/rpc_client/cli_pipe_ntlmssp.c @@ -30,7 +30,6 @@ #include "rpc_parse.h" extern int DEBUGLEVEL; -extern struct pipe_id_info pipe_names[]; extern pstring global_myname; static void NTLMSSPcalc_ap( struct ntlmssp_auth_struct *a, unsigned char *data, int len) diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index 627d90ae47e..59d676c9e79 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -660,6 +660,12 @@ BOOL samr_connect( const char *srv_name, uint32 access_mask, set_policy_con(get_global_hnd_cache(), connect_pol, con, cli_connection_unlink); + if (valid_pol) + { + policy_hnd_set_name(get_global_hnd_cache(), + connect_pol, + "SAM_CONNECT"); + } } } @@ -1697,6 +1703,8 @@ BOOL samr_open_domain( const POLICY_HND *connect_pol, { memcpy(domain_pol, &r_o.domain_pol, sizeof(r_o.domain_pol)); valid_pol = cli_pol_link(domain_pol, connect_pol); + policy_hnd_set_name(get_global_hnd_cache(), + domain_pol, "SAM_DOMAIN"); } } diff --git a/source/rpcclient/cmd_netlogon.c b/source/rpcclient/cmd_netlogon.c index b6d36d844b2..7a3972bbab5 100644 --- a/source/rpcclient/cmd_netlogon.c +++ b/source/rpcclient/cmd_netlogon.c @@ -37,6 +37,106 @@ extern struct user_creds *usr_creds; extern FILE *out_hnd; +#if 0 +/**************************************************************************** +experimental nt login trust account change. +****************************************************************************/ +void cmd_netlogon_pwset(struct client_info *info, int argc, char *argv[]) +{ + BOOL res = True; + char *nt_password; + uchar trust_passwd[16]; + uchar nt_pw[16]; + uchar lm_pw[16]; + fstring trust_acct; + fstring domain; + char *p; + uint16 validation_level; + + fstring wks_name; + fstring srv_name; + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, info->dest_host); + strupper(srv_name); + + fstrcpy(wks_name, "\\\\"); + if (strequal(srv_name, "\\\\.") && + strequal(info->dest_host, info->myhostname)) + { + fstrcat(wks_name, "."); + } + else + { + fstrcat(wks_name, info->dest_host); + } + strupper(wks_name); + + domain[0] = 0; + if (usr_creds != NULL) + { + fstrcpy(domain, usr_creds->ntc.domain); + } + + if (domain[0] == 0) + { + fstrcpy(domain, info->dom.level3_dom); + } + + argc--; + argv++; + + + if (domain[0] == 0) + { + report(out_hnd, "no domain specified.\n"); + } + + nt_owf_genW(nt_password, nt_pw, lm_pw); + + DEBUG(5, ("do_nt_login_test: username %s from: %s\n", + nt_user_name, info->myhostname)); + + fstrcpy(trust_acct, info->myhostname); + fstrcat(trust_acct, "$"); + + res = res ? msrpc_lsa_query_trust_passwd(wks_name, "$MACHINE.ACC", + trust_passwd, NULL) : False; + + res = res ? cli_nt_setup_creds(srv_name, domain, info->myhostname, + trust_acct, + trust_passwd, + SEC_CHAN_WKSTA, + &validation_level) == 0x0 : False; + + + memset(trust_passwd, 0, 16); + + /* do an NT login */ + res = res ? (cli_nt_login_interactive(srv_name, info->myhostname, + domain, nt_user_name, + getuid(), lm_pw, nt_pw, + &info->dom.ctr, + validation_level, + &info->dom.user_info3) == + 0x0) : False; + + +#if 0 + /* ok! you're logged in! do anything you like, then... */ + + /* do an NT logout */ + res = + res ? cli_nt_logoff(srv_name, info->myhostname, + &info->dom.ctr) : False; +#endif + + report(out_hnd, "cmd_nt_login: login (%s) test succeeded: %s\n", + nt_user_name, BOOLSTR(res)); +} + +#endif + /**************************************************************************** experimental nt login. |