diff options
29 files changed, 271 insertions, 92 deletions
diff --git a/source/include/proto.h b/source/include/proto.h index 8c1e1145a37..ca26b39f8a7 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -348,6 +348,7 @@ char *rep_inet_ntoa(struct in_addr ip); /*The following definitions come from lib/set_uid.c */ +const vuser_key *get_sec_ctx(void); void init_uid(void); BOOL become_uid(uid_t uid); BOOL become_gid(gid_t gid); @@ -625,15 +626,32 @@ void *open_file_if_modified(const char *filename, char *mode, time_t *lastmodifi struct policy_cache *get_global_hnd_cache(void); struct policy_cache *init_policy_cache(int num_pol_hnds); void free_policy_cache(struct policy_cache *cache); -BOOL register_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, +BOOL dup_policy_hnd(struct policy_cache *cache, + POLICY_HND *hnd, + const POLICY_HND *from); +BOOL register_policy_hnd(struct policy_cache *cache, + const vuser_key *key, + POLICY_HND *hnd, + uint32 access_mask); +BOOL open_policy_hnd(struct policy_cache *cache, + const vuser_key *key, + POLICY_HND *hnd, uint32 access_mask); -BOOL open_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, +BOOL open_policy_hnd_link(struct policy_cache *cache, + const POLICY_HND *parent_hnd, + POLICY_HND *hnd, uint32 access_mask); int find_policy_by_hnd(struct policy_cache *cache, const POLICY_HND *hnd); BOOL set_policy_state(struct policy_cache *cache, POLICY_HND *hnd, void(*fn)(void*), void *dev); void *get_policy_state_info(struct policy_cache *cache, const POLICY_HND *hnd); BOOL close_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd); +BOOL policy_link_key(struct policy_cache *cache, const POLICY_HND *hnd, + POLICY_HND *to); +const vuser_key *get_policy_vuser_key(struct policy_cache *cache, + const POLICY_HND *hnd); +BOOL pol_get_usr_sesskey(struct policy_cache *cache, const POLICY_HND *hnd, + uchar usr_sess_key[16]); /*The following definitions come from lib/util_pwdb.c */ @@ -2071,9 +2089,10 @@ BOOL cli_connection_getsrv(const char* srv_name, const char* pipe_name, struct cli_connection **con); BOOL cli_connection_get(const POLICY_HND *pol, struct cli_connection **con); BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from); +BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]); BOOL cli_set_con_usr_sesskey(struct cli_connection *con, const uchar usr_sess_key[16]); -BOOL cli_get_con_usr_sesskey(struct cli_connection *con, uchar usr_sess_key[16]); +const vuser_key *cli_con_sec_ctx(struct cli_connection *con); struct cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); void *cli_conn_get_auth_creds(struct cli_connection *con); void *cli_conn_get_auth_info(struct cli_connection *con); @@ -2082,7 +2101,6 @@ struct ntuser_creds *cli_conn_get_usercreds(struct cli_connection *con); struct ntdom_info * cli_conn_get_ntinfo(struct cli_connection *con); BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]); BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name); -BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]); BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]); BOOL cli_get_sesskey_srv(const char* srv_name, uchar sess_key[16]); void cli_con_gen_next_creds(struct cli_connection *con, diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h index f747e1cc99a..79d430968d1 100644 --- a/source/include/rpc_client_proto.h +++ b/source/include/rpc_client_proto.h @@ -35,9 +35,10 @@ BOOL cli_connection_getsrv(const char* srv_name, const char* pipe_name, struct cli_connection **con); BOOL cli_connection_get(const POLICY_HND *pol, struct cli_connection **con); BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from); +BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]); BOOL cli_set_con_usr_sesskey(struct cli_connection *con, const uchar usr_sess_key[16]); -BOOL cli_get_con_usr_sesskey(struct cli_connection *con, uchar usr_sess_key[16]); +const vuser_key *cli_con_sec_ctx(struct cli_connection *con); struct cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); void *cli_conn_get_auth_creds(struct cli_connection *con); void *cli_conn_get_auth_info(struct cli_connection *con); @@ -46,7 +47,6 @@ struct ntuser_creds *cli_conn_get_usercreds(struct cli_connection *con); struct ntdom_info * cli_conn_get_ntinfo(struct cli_connection *con); BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]); BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name); -BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]); BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]); BOOL cli_get_sesskey_srv(const char* srv_name, uchar sess_key[16]); void cli_con_gen_next_creds(struct cli_connection *con, diff --git a/source/lib/set_uid.c b/source/lib/set_uid.c index 6f0a099e7ed..58596b99ffd 100644 --- a/source/lib/set_uid.c +++ b/source/lib/set_uid.c @@ -32,6 +32,18 @@ extern struct current_user current_user; pstring OriginalDir; /**************************************************************************** +get the current security context vuid key +****************************************************************************/ +const vuser_key *get_sec_ctx(void) +{ + if (current_user.key.vuid != UID_FIELD_INVALID) + { + return ¤t_user.key; + } + return NULL; +} + +/**************************************************************************** initialise the uid routines ****************************************************************************/ void init_uid(void) diff --git a/source/lib/smbrun.c b/source/lib/smbrun.c index 5a016cd5cd8..d80d55a556d 100644 --- a/source/lib/smbrun.c +++ b/source/lib/smbrun.c @@ -21,7 +21,6 @@ #include "includes.h" -/* need to move this from here!! need some sleep ... */ struct current_user current_user; extern int DEBUGLEVEL; diff --git a/source/lib/util_hnd.c b/source/lib/util_hnd.c index caa2503822c..c9d881461ea 100644 --- a/source/lib/util_hnd.c +++ b/source/lib/util_hnd.c @@ -3,8 +3,8 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -45,6 +45,7 @@ struct policy BOOL open; POLICY_HND pol_hnd; uint32 access_mask; + vuser_key key; void (*free_fn)(void*); void *dev; @@ -108,9 +109,51 @@ void free_policy_cache(struct policy_cache *cache) } /**************************************************************************** + find policy by handle +****************************************************************************/ +static struct policy *find_policy(struct policy_cache *cache, + const POLICY_HND *hnd) +{ + struct policy *p; + + for (p=cache->Policy;p;p=p->next) { + if (memcmp(&p->pol_hnd, hnd, sizeof(*hnd)) == 0) { + DEBUG(4,("Found policy hnd[%x] ", p->pnum)); + dump_data(4, (const char *)hnd->data, + sizeof(hnd->data)); + return p; + } + } + + DEBUG(4,("cache->Policy not found: ")); + dump_data(4, (const char *)hnd->data, sizeof(hnd->data)); + + return NULL; +} + +/**************************************************************************** + find first available policy slot. copies a policy handle for you. +****************************************************************************/ +BOOL dup_policy_hnd(struct policy_cache *cache, + POLICY_HND *hnd, + const POLICY_HND *from) +{ + struct policy *p = find_policy(cache, from); + + if (!p || !p->open) + { + return False; + } + DEBUG(3,("Duplicating policy state pnum=%x\n", p->pnum)); + return register_policy_hnd(cache, &p->key, hnd, p->access_mask); +} + +/**************************************************************************** find first available policy slot. creates a policy handle for you. ****************************************************************************/ -BOOL register_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, +BOOL register_policy_hnd(struct policy_cache *cache, + const vuser_key *key, + POLICY_HND *hnd, uint32 access_mask) { int i; @@ -136,6 +179,15 @@ BOOL register_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, p->open = True; p->pnum = i; p->access_mask = access_mask; + if (key != NULL) + { + p->key = *key; + } + else + { + p->key.vuid = UID_FIELD_INVALID; + p->key.pid = getpid(); + } memcpy(&p->pol_hnd, hnd, sizeof(*hnd)); @@ -152,34 +204,30 @@ BOOL register_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, /**************************************************************************** find first available policy slot. creates a policy handle for you. ****************************************************************************/ -BOOL open_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd, +BOOL open_policy_hnd(struct policy_cache *cache, + const vuser_key *key, + POLICY_HND *hnd, uint32 access_mask) { create_pol_hnd(hnd); - return register_policy_hnd(cache, hnd, access_mask); + return register_policy_hnd(cache, key, hnd, access_mask); } /**************************************************************************** - find policy by handle + find first available policy slot. creates a policy handle for you. ****************************************************************************/ -static struct policy *find_policy(struct policy_cache *cache, - const POLICY_HND *hnd) +BOOL open_policy_hnd_link(struct policy_cache *cache, + const POLICY_HND *parent_hnd, + POLICY_HND *hnd, + uint32 access_mask) { - struct policy *p; - - for (p=cache->Policy;p;p=p->next) { - if (memcmp(&p->pol_hnd, hnd, sizeof(*hnd)) == 0) { - DEBUG(4,("Found policy hnd[%x] ", p->pnum)); - dump_data(4, (const char *)hnd->data, - sizeof(hnd->data)); - return p; - } + const vuser_key *key = get_policy_vuser_key(cache, parent_hnd); + if (key == NULL) + { + return False; } - - DEBUG(4,("cache->Policy not found: ")); - dump_data(4, (const char *)hnd->data, sizeof(hnd->data)); - - return NULL; + create_pol_hnd(hnd); + return register_policy_hnd(cache, key, hnd, access_mask); } /**************************************************************************** @@ -269,3 +317,68 @@ BOOL close_policy_hnd(struct policy_cache *cache, POLICY_HND *hnd) return True; } +/**************************************************************************** + get pol state. +****************************************************************************/ +BOOL policy_link_key(struct policy_cache *cache, const POLICY_HND *hnd, + POLICY_HND *to) +{ + struct policy *p = find_policy(cache, hnd); + struct policy *pto = find_policy(cache, to); + + if (p != NULL && p->open && pto != NULL && pto->open) + { + DEBUG(3,("Linking policy key pnum=%x pid=%d vuid=%x\n", + p->key.pid, p->key.vuid, p->pnum)); + pto->key = p->key; + return True; + } + + DEBUG(3,("Error getting policy link states\n")); + return False; +} + +/**************************************************************************** + get pol state. +****************************************************************************/ +const vuser_key *get_policy_vuser_key(struct policy_cache *cache, + const POLICY_HND *hnd) +{ + struct policy *p = find_policy(cache, hnd); + + if (p != NULL && p->open) + { + DEBUG(3,("Getting policy vuser_key pnum=%x pid=%d vuid=%x\n", + p->key.pid, p->key.vuid, p->pnum)); + return &p->key; + } + + DEBUG(3,("Error getting policy state\n")); + return NULL; +} + +/**************************************************************************** + get user session key. +****************************************************************************/ +BOOL pol_get_usr_sesskey(struct policy_cache *cache, const POLICY_HND *hnd, + uchar usr_sess_key[16]) +{ + const vuser_key *key = get_policy_vuser_key(cache, hnd); + user_struct *vuser; + + if (key == NULL) + { + return False; + } + vuser = get_valid_user_struct(key); + if (vuser == NULL) + { + DEBUG(10,("pol_get_usr_sesskey: no vuser struct\n")); + return False; + } + memcpy(usr_sess_key, vuser->usr.user_sess_key, 16); + vuid_free_user_struct(vuser); + safe_free(vuser); + return True; +} + diff --git a/source/lsarpcd/srv_lsa_samdb.c b/source/lsarpcd/srv_lsa_samdb.c index 170363167ee..ba7f60d43f4 100644 --- a/source/lsarpcd/srv_lsa_samdb.c +++ b/source/lsarpcd/srv_lsa_samdb.c @@ -43,7 +43,8 @@ uint32 _lsa_open_policy2(const UNISTR2 *server_name, POLICY_HND *hnd, return NT_STATUS_INVALID_PARAMETER; } /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), hnd, des_access)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), hnd, des_access)) { return NT_STATUS_ACCESS_DENIED; } @@ -64,7 +65,8 @@ uint32 _lsa_open_policy(const UNISTR2 *server_name, POLICY_HND *hnd, } /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), hnd, des_access)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), hnd, des_access)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/rpc_client/cli_connect.c b/source/rpc_client/cli_connect.c index b7f667d01e0..0524ca98811 100644 --- a/source/rpc_client/cli_connect.c +++ b/source/rpc_client/cli_connect.c @@ -441,17 +441,21 @@ BOOL cli_pol_link(POLICY_HND *to, const POLICY_HND *from) /* fix this when access masks are actually working! */ DEBUG(10,("cli_pol_link: lkclXXXX - MAXIMUM_ALLOWED access_mask\n")); - return register_policy_hnd(get_global_hnd_cache(), to, 0x02000000) && + return dup_policy_hnd(get_global_hnd_cache(), to, from) && set_policy_con(get_global_hnd_cache(), to, con, NULL); } /**************************************************************************** set a user session key associated with a connection ****************************************************************************/ -BOOL cli_set_con_usr_sesskey(struct cli_connection *con, - const uchar usr_sess_key[16]) +BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]) { struct ntdom_info *nt; + struct cli_connection *con; + if (!cli_connection_get(pol, &con)) + { + return False; + } if (con == NULL) { return False; @@ -459,7 +463,7 @@ BOOL cli_set_con_usr_sesskey(struct cli_connection *con, nt = cli_conn_get_ntinfo(con); if (nt != NULL) { - memcpy(nt->usr_sess_key, usr_sess_key, sizeof(nt->usr_sess_key)); + memcpy(usr_sess_key,nt->usr_sess_key,sizeof(nt->usr_sess_key)); } @@ -467,9 +471,10 @@ BOOL cli_set_con_usr_sesskey(struct cli_connection *con, } /**************************************************************************** -get a user session key associated with a connection +set a user session key associated with a connection ****************************************************************************/ -BOOL cli_get_con_usr_sesskey(struct cli_connection *con, uchar usr_sess_key[16]) +BOOL cli_set_con_usr_sesskey(struct cli_connection *con, + const uchar usr_sess_key[16]) { struct ntdom_info *nt; if (con == NULL) @@ -479,19 +484,34 @@ BOOL cli_get_con_usr_sesskey(struct cli_connection *con, uchar usr_sess_key[16]) nt = cli_conn_get_ntinfo(con); if (nt != NULL) { - memcpy(usr_sess_key, nt->usr_sess_key, sizeof(nt->usr_sess_key)); - } - else - { - memset(usr_sess_key, 0, sizeof(nt->usr_sess_key)); + memcpy(nt->usr_sess_key, usr_sess_key, sizeof(nt->usr_sess_key)); } + return True; } /**************************************************************************** get auth functions associated with an msrpc session. ****************************************************************************/ +const vuser_key *cli_con_sec_ctx(struct cli_connection *con) +{ + struct ntdom_info *nt; + if (con == NULL) + { + return False; + } + nt = cli_conn_get_ntinfo(con); + if (nt != NULL && nt->key.vuid != UID_FIELD_INVALID) + { + return &nt->key; + } + return NULL; +} + +/**************************************************************************** + get auth functions associated with an msrpc session. +****************************************************************************/ struct cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con) { return con != NULL ? con->auth : NULL; @@ -637,22 +657,6 @@ BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name) get a user session key associated with a connection associated with a policy handle. ****************************************************************************/ -BOOL cli_get_usr_sesskey(const POLICY_HND *pol, uchar usr_sess_key[16]) -{ - struct cli_connection *con = NULL; - - if (!cli_connection_get(pol, &con)) - { - return False; - } - - return cli_get_con_usr_sesskey(con, usr_sess_key); -} - -/**************************************************************************** -get a user session key associated with a connection associated with a -policy handle. -****************************************************************************/ BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]) { struct cli_connection *con = NULL; diff --git a/source/rpc_client/cli_eventlog.c b/source/rpc_client/cli_eventlog.c index 69cacf4257d..dd593bd8cbf 100644 --- a/source/rpc_client/cli_eventlog.c +++ b/source/rpc_client/cli_eventlog.c @@ -72,7 +72,8 @@ BOOL event_open(const char* srv_name, const char *log, POLICY_HND *hnd) DEBUG(0,("event_open: unk_6 or unk_7 is an access mask\n")); /*copy handle */ memcpy(hnd->data, r.pol.data, sizeof(hnd->data)); - valid_pol = register_policy_hnd(get_global_hnd_cache(), hnd, 0x01) && + valid_pol = register_policy_hnd(get_global_hnd_cache(), cli_con_sec_ctx(con), + hnd, 0x01) && set_policy_con(get_global_hnd_cache(), hnd, con, cli_connection_unlink); } diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 968ba0ae2f1..ef0ca62f3aa 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c @@ -260,6 +260,7 @@ BOOL lsa_open_policy(const char *system_name, POLICY_HND *hnd, memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), hnd, des_access) && set_policy_con(get_global_hnd_cache(), hnd, con, @@ -336,6 +337,7 @@ BOOL lsa_open_policy2( const char *system_name, POLICY_HND *hnd, /* ok, at last: we're happy. return the policy handle */ memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), hnd, des_access) && set_policy_con(get_global_hnd_cache(), hnd, con, diff --git a/source/rpc_client/cli_reg.c b/source/rpc_client/cli_reg.c index 371cdac110c..e38ad57c487 100644 --- a/source/rpc_client/cli_reg.c +++ b/source/rpc_client/cli_reg.c @@ -3,9 +3,9 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Paul Ashton 1997-1998. + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Paul Ashton 1997-2000. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -103,8 +103,8 @@ BOOL reg_connect( const char* srv_name, if (res) { - if (!register_policy_hnd(get_global_hnd_cache(), reg_hnd, - access_mask) || + if (!register_policy_hnd(get_global_hnd_cache(), cli_con_sec_ctx(con), + reg_hnd, access_mask) || !set_policy_con(get_global_hnd_cache(), reg_hnd, con, cli_connection_unlink)) { diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index c000dd9ec85..89f6de6b55c 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -670,6 +670,7 @@ BOOL samr_connect( const char *srv_name, uint32 access_mask, { memcpy(connect_pol, &r_o.connect_pol, sizeof(r_o.connect_pol)); valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), connect_pol, access_mask) && set_policy_con(get_global_hnd_cache(), @@ -2283,6 +2284,7 @@ BOOL samr_set_userinfo( POLICY_HND *pol, uint16 switch_value, void* usr) prs_init(&rdata, 0, 4, True ); q_o.ctr = &ctr; + /* store the parameters */ make_samr_q_set_userinfo(&q_o, pol, switch_value, usr); diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c index 6f5d3cfab70..d30b242f70f 100644 --- a/source/rpc_client/cli_spoolss.c +++ b/source/rpc_client/cli_spoolss.c @@ -248,6 +248,7 @@ BOOL spoolss_open_printer_ex( const char *printername, memcpy(hnd, r_o.handle.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), hnd, des_access) && set_policy_con(get_global_hnd_cache(), hnd, con, diff --git a/source/rpc_client/cli_svcctl.c b/source/rpc_client/cli_svcctl.c index d0f244749d0..59362d9f5d0 100644 --- a/source/rpc_client/cli_svcctl.c +++ b/source/rpc_client/cli_svcctl.c @@ -89,6 +89,7 @@ BOOL svc_open_sc_man( const char *srv_name, char *db_name, memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = True; valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), hnd, des_access) && set_policy_con(get_global_hnd_cache(), hnd, con, cli_connection_unlink); @@ -159,6 +160,7 @@ BOOL svc_open_service( POLICY_HND *scm_hnd, /* ok, at last: we're happy. return the policy handle */ memcpy(hnd, r_o.pol.data, sizeof(hnd->data)); valid_pol = register_policy_hnd(get_global_hnd_cache(), + cli_con_sec_ctx(con), hnd, des_access) && set_policy_con(get_global_hnd_cache(), hnd, con, NULL); } diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 2c5685c28e1..0212eb9ffac 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -4715,6 +4715,7 @@ BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 *usr, prs_struct *ps, int BOOL make_sam_user_info24(SAM_USER_INFO_24 *usr, const char newpass[516], uint16 passlen) { + DEBUG(10,("make_sam_user_info24: passlen: %d\n", passlen)); memcpy(usr->pass, newpass, sizeof(usr->pass)); usr->unk_0 = passlen; @@ -5733,6 +5734,7 @@ BOOL make_samr_q_set_userinfo(SAMR_Q_SET_USERINFO *q_u, if (!cli_get_usr_sesskey(hnd, sess_key)) { + DEBUG(0,("make_samr_set_userinfo: could not obtain session key\n")); return False; } if (!make_samr_userinfo_ctr(q_u->ctr, sess_key, switch_value, info)) diff --git a/source/rpc_server/srv_reg.c b/source/rpc_server/srv_reg.c index 3b0d797eb89..3b688cf2202 100644 --- a/source/rpc_server/srv_reg.c +++ b/source/rpc_server/srv_reg.c @@ -125,6 +125,7 @@ static void reg_reply_open(REG_Q_OPEN_HKLM *q_r, prs_struct *rdata) r_u.status = NT_STATUS_NOPROBLEMO; /* get a (unique) handle. open a policy on it. */ if (r_u.status == 0x0 && !open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), &r_u.pol, q_r->access_mask)) { r_u.status = NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -172,7 +173,8 @@ static void reg_reply_open_entry(REG_Q_OPEN_ENTRY *q_u, status = NT_STATUS_INVALID_HANDLE; } - if (status == 0x0 && !open_policy_hnd(get_global_hnd_cache(), &pol, q_u->access_mask)) + if (status == 0x0 && !open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), &pol, q_u->access_mask)) { status = NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index b0890d93ce9..4eabb25c285 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -2403,7 +2403,7 @@ void cmd_sam_set_userinfo(struct client_info *info, int argc, char *argv[]) if (usr != NULL) { res1 = set_samr_set_userinfo( &pol_dom, - switch_value, rids[0], usr); + switch_value, rids[0], &ctr); } } diff --git a/source/samrd/srv_samr_als_nt5ldap.c b/source/samrd/srv_samr_als_nt5ldap.c index 61c7c65e3ae..c673c872c32 100644 --- a/source/samrd/srv_samr_als_nt5ldap.c +++ b/source/samrd/srv_samr_als_nt5ldap.c @@ -40,7 +40,8 @@ static uint32 samr_open_by_nt5ldapsid(LDAPDB *hds, DOM_SID sid; /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_als_tdb.c b/source/samrd/srv_samr_als_tdb.c index de188d7af26..edba8bc9c58 100644 --- a/source/samrd/srv_samr_als_tdb.c +++ b/source/samrd/srv_samr_als_tdb.c @@ -41,7 +41,8 @@ static uint32 samr_open_by_tdbsid(TDB_CONTEXT *ptdb, DOM_SID sid; /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_dom_nt5ldap.c b/source/samrd/srv_samr_dom_nt5ldap.c index bf267ab6d18..9310f514f26 100644 --- a/source/samrd/srv_samr_dom_nt5ldap.c +++ b/source/samrd/srv_samr_dom_nt5ldap.c @@ -47,7 +47,8 @@ uint32 _samr_open_domain(const POLICY_HND *connect_pol, } /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), domain_pol, ace_perms)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), domain_pol, ace_perms)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_dom_tdb.c b/source/samrd/srv_samr_dom_tdb.c index 2f447b0fa17..515134e6583 100644 --- a/source/samrd/srv_samr_dom_tdb.c +++ b/source/samrd/srv_samr_dom_tdb.c @@ -140,7 +140,8 @@ uint32 _samr_open_domain(const POLICY_HND *connect_pol, } /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), domain_pol, ace_perms)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), domain_pol, ace_perms)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_grp_tdb.c b/source/samrd/srv_samr_grp_tdb.c index 5f005ad50a7..d5a604a7aa7 100644 --- a/source/samrd/srv_samr_grp_tdb.c +++ b/source/samrd/srv_samr_grp_tdb.c @@ -42,7 +42,8 @@ static uint32 samr_open_by_tdbsid(TDB_CONTEXT *ptdb, DOM_SID sid; /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_nt5ldap.c b/source/samrd/srv_samr_nt5ldap.c index 0731cbd27f7..de2e76ba566 100644 --- a/source/samrd/srv_samr_nt5ldap.c +++ b/source/samrd/srv_samr_nt5ldap.c @@ -307,7 +307,8 @@ uint32 samr_open_by_nt5ldaprid( LDAPDB *hds, POLICY_HND *pol, uint32 access_mask, uint32 rid) { /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_passdb.c b/source/samrd/srv_samr_passdb.c index 4293b8d6b0c..9a695c45232 100644 --- a/source/samrd/srv_samr_passdb.c +++ b/source/samrd/srv_samr_passdb.c @@ -156,15 +156,17 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, /******************************************************************* opens a samr group by rid, returns a policy handle. ********************************************************************/ -static uint32 samr_open_by_sid(const DOM_SID *dom_sid, +static uint32 samr_open_by_sid( const POLICY_HND *parent_pol, + const DOM_SID *dom_sid, POLICY_HND *pol, uint32 access_mask, uint32 rid) { DOM_SID sid; - + /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd_link(get_global_hnd_cache(), + parent_pol, pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } @@ -217,7 +219,8 @@ uint32 _samr_open_domain(const POLICY_HND *connect_pol, } /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), domain_pol, ace_perms)) + if (!open_policy_hnd_link(get_global_hnd_cache(), + connect_pol, domain_pol, ace_perms)) { return NT_STATUS_ACCESS_DENIED; } @@ -1601,7 +1604,8 @@ uint32 _samr_open_user(const POLICY_HND *domain_pol, return NT_STATUS_NO_SUCH_USER; } - return samr_open_by_sid(&sid, user_pol, access_mask, user_rid); + return samr_open_by_sid(domain_pol, &sid, user_pol, + access_mask, user_rid); } @@ -1940,7 +1944,7 @@ uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value, return NT_STATUS_INVALID_HANDLE; } - if (!cli_get_usr_sesskey(pol, user_sess_key)) + if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key)) { return NT_STATUS_INVALID_HANDLE; } @@ -2173,7 +2177,8 @@ uint32 _samr_create_dom_alias(const POLICY_HND *domain_pol, *rid = grp.rid = 0xffffffff; *rid = grp.rid; - status = samr_open_by_sid(&dom_sid, alias_pol, access_mask, grp.rid); + status = samr_open_by_sid(domain_pol, &dom_sid, alias_pol, + access_mask, grp.rid); if (status != 0x0) { @@ -2225,7 +2230,7 @@ uint32 _samr_create_dom_group(const POLICY_HND *domain_pol, grp.attr = 0x07; *rid = grp.rid; - status = samr_open_by_sid(&dom_sid, group_pol, + status = samr_open_by_sid(domain_pol, &dom_sid, group_pol, access_mask, grp.rid); if (status != 0x0) { @@ -2357,7 +2362,8 @@ uint32 _samr_create_user(const POLICY_HND *domain_pol, *unknown_0 = 0x000703ff; *user_rid = sam_pass->user_rid; - return samr_open_by_sid(&sid, user_pol, access_mask, *user_rid); + return samr_open_by_sid(domain_pol, &sid, user_pol, + access_mask, *user_rid); } /******************************************************************* @@ -2368,7 +2374,8 @@ uint32 _samr_connect_anon(const UNISTR2 *srv_name, uint32 access_mask, { /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), connect_pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), connect_pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } @@ -2383,7 +2390,8 @@ uint32 _samr_connect(const UNISTR2 *srv_name, uint32 access_mask, POLICY_HND *connect_pol) { /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), connect_pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), connect_pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } @@ -2413,7 +2421,7 @@ uint32 _samr_open_alias(const POLICY_HND *domain_pol, return NT_STATUS_ACCESS_DENIED; } - return samr_open_by_sid(&sid, alias_pol, access_mask, alias_rid); + return samr_open_by_sid(domain_pol, &sid, alias_pol, access_mask, alias_rid); } /******************************************************************* @@ -2437,7 +2445,7 @@ uint32 _samr_open_group(const POLICY_HND *domain_pol, uint32 access_mask, return NT_STATUS_ACCESS_DENIED; } - return samr_open_by_sid(&sid, group_pol, access_mask, group_rid); + return samr_open_by_sid(domain_pol, &sid, group_pol, access_mask, group_rid); } /******************************************************************* diff --git a/source/samrd/srv_samr_sam_tdb.c b/source/samrd/srv_samr_sam_tdb.c index 9f760c6f9f3..604532a45ff 100644 --- a/source/samrd/srv_samr_sam_tdb.c +++ b/source/samrd/srv_samr_sam_tdb.c @@ -137,7 +137,8 @@ static uint32 tdb_samr_connect( POLICY_HND *pol, uint32 ace_perms) TDB_CONTEXT *sam_tdb = NULL; /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, ace_perms)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, ace_perms)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_tdb.c b/source/samrd/srv_samr_tdb.c index a6f02b5902a..0c206cfbaa7 100644 --- a/source/samrd/srv_samr_tdb.c +++ b/source/samrd/srv_samr_tdb.c @@ -335,7 +335,8 @@ uint32 samr_open_by_tdbrid( TDB_CONTEXT *tdb, POLICY_HND *pol, uint32 access_mask, uint32 rid) { /* get a (unique) handle. open a policy on it. */ - if (!open_policy_hnd(get_global_hnd_cache(), pol, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, access_mask)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source/samrd/srv_samr_usr_nt5ldap.c b/source/samrd/srv_samr_usr_nt5ldap.c index bc6090f566d..6648a853721 100644 --- a/source/samrd/srv_samr_usr_nt5ldap.c +++ b/source/samrd/srv_samr_usr_nt5ldap.c @@ -504,7 +504,7 @@ uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value, DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid)); - if (!cli_get_usr_sesskey(pol, user_sess_key)) + if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key)) { return NT_STATUS_INVALID_HANDLE; } diff --git a/source/samrd/srv_samr_usr_tdb.c b/source/samrd/srv_samr_usr_tdb.c index 2f731d85f40..055d00c62ac 100644 --- a/source/samrd/srv_samr_usr_tdb.c +++ b/source/samrd/srv_samr_usr_tdb.c @@ -492,7 +492,7 @@ uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value, DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid)); - if (!cli_get_usr_sesskey(pol, user_sess_key)) + if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key)) { return NT_STATUS_INVALID_HANDLE; } diff --git a/source/spoolssd/srv_spoolss_nt.c b/source/spoolssd/srv_spoolss_nt.c index e1841724712..1ccf7914f6e 100755 --- a/source/spoolssd/srv_spoolss_nt.c +++ b/source/spoolssd/srv_spoolss_nt.c @@ -214,7 +214,8 @@ static BOOL get_printhndinfo(struct policy_cache *cache, const POLICY_HND *hnd, ****************************************************************************/ static BOOL open_printer_hnd(POLICY_HND *hnd, uint32 access_mask) { - if (!open_policy_hnd(get_global_hnd_cache(), hnd, access_mask)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), hnd, access_mask)) { return False; } diff --git a/source/svcctld/srv_svcctl_nt.c b/source/svcctld/srv_svcctl_nt.c index f9da06fd83d..8b6ff3e9011 100644 --- a/source/svcctld/srv_svcctl_nt.c +++ b/source/svcctld/srv_svcctl_nt.c @@ -108,7 +108,8 @@ uint32 _svc_open_service(const POLICY_HND *scman_pol, return NT_STATUS_INVALID_HANDLE; } - if (!open_policy_hnd(get_global_hnd_cache(), pol, des_access)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, des_access)) { return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } @@ -203,7 +204,8 @@ uint32 _svc_open_sc_man(const UNISTR2 *uni_srv_name, { fstring name; - if (!open_policy_hnd(get_global_hnd_cache(), pol, des_access)) + if (!open_policy_hnd(get_global_hnd_cache(), + get_sec_ctx(), pol, des_access)) { return NT_STATUS_TOO_MANY_SECRETS; /* ha ha very droll */ } |