summaryrefslogtreecommitdiffstats
path: root/source/rpc_server/srv_samr_nt.c
diff options
context:
space:
mode:
Diffstat (limited to 'source/rpc_server/srv_samr_nt.c')
-rw-r--r--source/rpc_server/srv_samr_nt.c141
1 files changed, 98 insertions, 43 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 4d44f8312b3..8f981dc41d4 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -5,11 +5,12 @@
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997,
* Copyright (C) Marc Jacobsen 1999,
- * Copyright (C) Jeremy Allison 2001-2002,
+ * Copyright (C) Jeremy Allison 2001-2005,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002,
* Copyright (C) Gerald (Jerry) Carter 2003-2004,
* Copyright (C) Simo Sorce 2003.
+ * Copyright (C) Volker Lendecke 2005.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -46,15 +47,16 @@ typedef struct disp_info {
struct disp_info *next, *prev;
TALLOC_CTX *mem_ctx;
DOM_SID sid; /* identify which domain this is. */
+ BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
struct pdb_search *users; /* querydispinfo 1 and 4 */
struct pdb_search *machines; /* querydispinfo 2 */
struct pdb_search *groups; /* querydispinfo 3 and 5, enumgroups */
struct pdb_search *aliases; /* enumaliases */
- struct pdb_search *builtins; /* enumaliases */
uint16 enum_acb_mask;
struct pdb_search *enum_users; /* enumusers with a mask */
+
smb_event_id_t di_cache_timeout_event; /* cache idle timeout handler. */
} DISP_INFO;
@@ -66,19 +68,38 @@ static DISP_INFO *disp_info_list;
struct samr_info {
/* for use by the \PIPE\samr policy */
DOM_SID sid;
+ BOOL builtin_domain; /* Quick flag to check if this is the builtin domain. */
uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */
uint32 acc_granted;
- uint16 acb_mask;
- BOOL only_machines;
DISP_INFO *disp_info;
TALLOC_CTX *mem_ctx;
};
-struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS};
-struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS};
-struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
+static struct generic_mapping sam_generic_mapping = {
+ GENERIC_RIGHTS_SAM_READ,
+ GENERIC_RIGHTS_SAM_WRITE,
+ GENERIC_RIGHTS_SAM_EXECUTE,
+ GENERIC_RIGHTS_SAM_ALL_ACCESS};
+static struct generic_mapping dom_generic_mapping = {
+ GENERIC_RIGHTS_DOMAIN_READ,
+ GENERIC_RIGHTS_DOMAIN_WRITE,
+ GENERIC_RIGHTS_DOMAIN_EXECUTE,
+ GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
+static struct generic_mapping usr_generic_mapping = {
+ GENERIC_RIGHTS_USER_READ,
+ GENERIC_RIGHTS_USER_WRITE,
+ GENERIC_RIGHTS_USER_EXECUTE,
+ GENERIC_RIGHTS_USER_ALL_ACCESS};
+static struct generic_mapping grp_generic_mapping = {
+ GENERIC_RIGHTS_GROUP_READ,
+ GENERIC_RIGHTS_GROUP_WRITE,
+ GENERIC_RIGHTS_GROUP_EXECUTE,
+ GENERIC_RIGHTS_GROUP_ALL_ACCESS};
+static struct generic_mapping ali_generic_mapping = {
+ GENERIC_RIGHTS_ALIAS_READ,
+ GENERIC_RIGHTS_ALIAS_WRITE,
+ GENERIC_RIGHTS_ALIAS_EXECUTE,
+ GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
/*******************************************************************
*******************************************************************/
@@ -247,8 +268,12 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid, const char *sid_str)
return NULL;
dpi->mem_ctx = mem_ctx;
+
if (psid) {
sid_copy( &dpi->sid, psid);
+ dpi->builtin_domain = sid_check_is_builtin(psid);
+ } else {
+ dpi->builtin_domain = False;
}
DLIST_ADD(disp_info_list, dpi);
@@ -280,8 +305,10 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_str));
if (psid) {
sid_copy( &info->sid, psid);
+ info->builtin_domain = sid_check_is_builtin(psid);
} else {
DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n"));
+ info->builtin_domain = False;
}
info->mem_ctx = mem_ctx;
@@ -328,11 +355,6 @@ static void free_samr_cache(DISP_INFO *disp_info, const char *sid_str)
pdb_search_destroy(disp_info->aliases);
disp_info->aliases = NULL;
}
- if (disp_info->builtins) {
- DEBUG(10,("free_samr_cache: deleting builtins cache\n"));
- pdb_search_destroy(disp_info->builtins);
- disp_info->builtins = NULL;
- }
if (disp_info->enum_users) {
DEBUG(10,("free_samr_cache: deleting enum_users cache\n"));
pdb_search_destroy(disp_info->enum_users);
@@ -452,6 +474,12 @@ static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
static uint32 count_sam_users(struct disp_info *info, uint16 acct_flags)
{
struct samr_displayentry *entry;
+
+ if (info->builtin_domain) {
+ /* No users in builtin. */
+ return 0;
+ }
+
if (info->users == NULL) {
info->users = pdb_search_users(acct_flags);
if (info->users == NULL) {
@@ -470,6 +498,12 @@ static uint32 count_sam_users(struct disp_info *info, uint16 acct_flags)
static uint32 count_sam_groups(struct disp_info *info)
{
struct samr_displayentry *entry;
+
+ if (info->builtin_domain) {
+ /* No groups in builtin. */
+ return 0;
+ }
+
if (info->groups == NULL) {
info->groups = pdb_search_groups();
if (info->groups == NULL) {
@@ -485,6 +519,25 @@ static uint32 count_sam_groups(struct disp_info *info)
return info->groups->num_entries;
}
+static uint32 count_sam_aliases(struct disp_info *info)
+{
+ struct samr_displayentry *entry;
+
+ if (info->aliases == NULL) {
+ info->aliases = pdb_search_aliases(&info->sid);
+ if (info->aliases == NULL) {
+ return 0;
+ }
+ }
+ /* Fetch the last possible entry, thus trigger an enumeration */
+ pdb_search_entries(info->aliases, 0xffffffff, 1, &entry);
+
+ /* Ensure we cache this enumeration. */
+ set_disp_info_cache_timeout(info, DISP_INFO_CACHE_TIMEOUT);
+
+ return info->aliases->num_entries;
+}
+
/*******************************************************************
_samr_close_hnd
********************************************************************/
@@ -544,6 +597,11 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN
if ( !NT_STATUS_IS_OK(status) )
return status;
+ if (!sid_check_is_domain(&q_u->dom_sid.sid) &&
+ !sid_check_is_builtin(&q_u->dom_sid.sid)) {
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ }
+
/* associate the domain SID with the (unique) handle. */
if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL)
return NT_STATUS_NO_MEMORY;
@@ -756,6 +814,13 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+ if (info->builtin_domain) {
+ /* No users in builtin. */
+ init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
+ DEBUG(5,("_samr_enum_dom_users: No users in BUILTIN\n"));
+ return r_u->status;
+ }
+
become_root();
/* AS ROOT !!!! */
@@ -882,6 +947,13 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+ if (info->builtin_domain) {
+ /* No groups in builtin. */
+ init_samr_r_enum_dom_groups(r_u, q_u->start_idx, 0);
+ DEBUG(5,("_samr_enum_dom_users: No groups in BUILTIN\n"));
+ return r_u->status;
+ }
+
/* the domain group array is being allocated in the function below */
become_root();
@@ -920,7 +992,6 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
{
struct samr_info *info;
struct samr_displayentry *aliases;
- struct pdb_search **search = NULL;
uint32 num_aliases = 0;
/* find the policy handle. open a policy on it. */
@@ -936,25 +1007,17 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
sid_string_static(&info->sid)));
- if (sid_check_is_domain(&info->sid))
- search = &info->disp_info->aliases;
- if (sid_check_is_builtin(&info->sid))
- search = &info->disp_info->builtins;
-
- if (search == NULL)
- return NT_STATUS_INVALID_HANDLE;
-
become_root();
- if (*search == NULL) {
- *search = pdb_search_aliases(&info->sid);
- if (*search == NULL) {
+ if (info->disp_info->aliases == NULL) {
+ info->disp_info->aliases = pdb_search_aliases(&info->sid);
+ if (info->disp_info->aliases == NULL) {
unbecome_root();
return NT_STATUS_ACCESS_DENIED;
}
}
- num_aliases = pdb_search_entries(*search, q_u->start_idx,
+ num_aliases = pdb_search_entries(info->disp_info->aliases, q_u->start_idx,
MAX_SAM_ENTRIES, &aliases);
unbecome_root();
@@ -1493,19 +1556,11 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
if ((num_rids != 0) && ((names == NULL) || (attrs == NULL)))
return NT_STATUS_NO_MEMORY;
- if (!sid_equal(&pol_sid, get_global_sam_sid())) {
- /* TODO: Sooner or later we need to look up BUILTIN rids as
- * well. -- vl */
- goto done;
- }
-
become_root(); /* lookup_sid can require root privs */
- r_u->status = pdb_lookup_rids(p->mem_ctx, &pol_sid, num_rids, q_u->rid,
- &names, &attrs);
+ r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid,
+ names, attrs);
unbecome_root();
- done:
-
if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
&hdr_name, &uni_name))
return NT_STATUS_NO_MEMORY;
@@ -2081,9 +2136,9 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
/* AS ROOT !!! */
- num_users=count_sam_users(info->disp_info,
- ACB_NORMAL);
- num_groups=count_sam_groups(info->disp_info);
+ num_users = count_sam_users(info->disp_info, ACB_NORMAL);
+ num_groups = count_sam_groups(info->disp_info);
+ num_aliases = count_sam_aliases(info->disp_info);
pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
u_logout = account_policy_temp;
@@ -4623,9 +4678,9 @@ NTSTATUS _samr_query_domain_info2(pipes_struct *p,
break;
case 0x02:
become_root();
- num_users = count_sam_users(info->disp_info,
- ACB_NORMAL);
+ num_users = count_sam_users(info->disp_info, ACB_NORMAL);
num_groups = count_sam_groups(info->disp_info);
+ num_aliases = count_sam_aliases(info->disp_info);
unbecome_root();
pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
@@ -4725,7 +4780,7 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
- pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag);
+ pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.password_properties);
pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
break;
generated by cgit (git 2.34.1) at 2024-06-10 17:10:26 +0000