diff options
Diffstat (limited to 'source/rpc_server/srv_samr_nt.c')
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 136 |
1 files changed, 46 insertions, 90 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 139960f6613..84c78eab641 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -39,8 +39,6 @@ SA_RIGHT_USER_CHANGE_PASSWORD | \ SA_RIGHT_USER_SET_LOC_COM ) -extern DOM_SID global_sid_Builtin; - extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; extern rid_name builtin_alias_rids[]; @@ -80,7 +78,6 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd struct generic_mapping *map, DOM_SID *sid, uint32 sid_access ) { - extern DOM_SID global_sid_World; DOM_SID adm_sid, act_sid, domadmin_sid; SEC_ACE ace[5]; /* at most 5 entries */ SEC_ACCESS mask; @@ -867,6 +864,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, int i; uint32 group_entries = 0; uint32 num_entries = 0; + NTSTATUS result = NT_STATUS_OK; *p_num_entries = 0; @@ -884,6 +882,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, if (num_entries>max_entries) { DEBUG(5,("Limiting to %d entries\n", max_entries)); num_entries=max_entries; + result = STATUS_MORE_ENTRIES; } *d_grp=TALLOC_ZERO_ARRAY(ctx, DOMAIN_GRP, num_entries); @@ -906,7 +905,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DEBUG(10,("get_group_domain_entries: returning %d entries\n", *p_num_entries)); - return NT_STATUS_OK; + return result; } /******************************************************************* @@ -973,13 +972,19 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); /* the domain group array is being allocated in the function below */ - if (!NT_STATUS_IS_OK(r_u->status = get_group_domain_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES))) { + r_u->status = get_group_domain_entries(p->mem_ctx, &grp, &sid, + q_u->start_idx, &num_entries, + MAX_SAM_ENTRIES); + + if (!NT_STATUS_IS_OK(r_u->status) && + !NT_STATUS_EQUAL(r_u->status, STATUS_MORE_ENTRIES)) return r_u->status; - } - make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); + make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, + num_entries, grp); - init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_entries); + init_samr_r_enum_dom_groups(r_u, q_u->start_idx+num_entries, + num_entries); DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); @@ -1464,8 +1469,9 @@ NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_ makes a SAMR_R_LOOKUP_RIDS structure. ********************************************************************/ -static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring names[], - UNIHDR **pp_hdr_name, UNISTR2 **pp_uni_name) +static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, + const char **names, UNIHDR **pp_hdr_name, + UNISTR2 **pp_uni_name) { uint32 i; UNIHDR *hdr_name=NULL; @@ -1485,7 +1491,7 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam } for (i = 0; i < num_names; i++) { - DEBUG(10, ("names[%d]:%s\n", i, names[i] ? names[i] : "")); + DEBUG(10, ("names[%d]:%s\n", i, *names[i] ? names[i] : "")); init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE); init_uni_hdr(&hdr_name[i], &uni_name[i]); } @@ -1502,16 +1508,13 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u) { - fstring group_names[MAX_SAM_ENTRIES]; - uint32 *group_attrs = NULL; + const char **names; + uint32 *attrs = NULL; UNIHDR *hdr_name = NULL; UNISTR2 *uni_name = NULL; DOM_SID pol_sid; int num_rids = q_u->num_rids1; - int i; uint32 acc_granted; - BOOL have_mapped = False; - BOOL have_unmapped = False; r_u->status = NT_STATUS_OK; @@ -1527,11 +1530,12 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK return NT_STATUS_UNSUCCESSFUL; } - if (num_rids) { - if ((group_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids )) == NULL) - return NT_STATUS_NO_MEMORY; - } - + names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids); + attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids); + + if ((num_rids != 0) && ((names == NULL) || (attrs == NULL))) + return NT_STATUS_NO_MEMORY; + if (!sid_equal(&pol_sid, get_global_sam_sid())) { /* TODO: Sooner or later we need to look up BUILTIN rids as * well. -- vl */ @@ -1539,44 +1543,17 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK } become_root(); /* lookup_sid can require root privs */ - - for (i = 0; i < num_rids; i++) { - fstring tmpname; - fstring domname; - DOM_SID sid; - enum SID_NAME_USE type; - - group_attrs[i] = SID_NAME_UNKNOWN; - *group_names[i] = '\0'; - - sid_copy(&sid, &pol_sid); - sid_append_rid(&sid, q_u->rid[i]); - - if (lookup_sid(&sid, domname, tmpname, &type)) { - group_attrs[i] = (uint32)type; - fstrcpy(group_names[i],tmpname); - DEBUG(5,("_samr_lookup_rids: %s:%d\n", group_names[i], - group_attrs[i])); - have_mapped = True; - } else { - have_unmapped = True; - } - } - + r_u->status = pdb_lookup_rids(p->mem_ctx, &pol_sid, num_rids, q_u->rid, + &names, &attrs); unbecome_root(); done: - r_u->status = NT_STATUS_NONE_MAPPED; - - if (have_mapped) - r_u->status = - have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK; - - if(!make_samr_lookup_rids(p->mem_ctx, num_rids, group_names, &hdr_name, &uni_name)) + if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names, + &hdr_name, &uni_name)) return NT_STATUS_NO_MEMORY; - init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, group_attrs); + init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, attrs); DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); @@ -1977,7 +1954,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S DOM_GID *gids = NULL; int num_groups = 0; gid_t *unix_gids; - int i, num_gids, num_sids; + int i, num_gids; uint32 acc_granted; BOOL ret; NTSTATUS result; @@ -2027,7 +2004,6 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S } sids = NULL; - num_sids = 0; become_root(); result = pdb_enum_group_memberships(pdb_get_username(sam_pass), @@ -2900,7 +2876,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, SAM_ACCOUNT *pwd) acct_ctrl = pdb_get_acct_ctrl(pwd); - if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len, STR_UNICODE)) { + if (!decode_pw_buffer(id23->pass, plaintext_buf, 256, &len, STR_UNICODE)) { pdb_free_sam(&pwd); return False; } @@ -2951,7 +2927,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, SAM_ACCOUNT *pwd) set_user_info_pw ********************************************************************/ -static BOOL set_user_info_pw(char *pass, SAM_ACCOUNT *pwd) +static BOOL set_user_info_pw(uint8 *pass, SAM_ACCOUNT *pwd) { uint32 len; pstring plaintext_buf; @@ -3097,7 +3073,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE dump_data(100, (char *)ctr->info.id24->pass, 516); - if (!set_user_info_pw((char *)ctr->info.id24->pass, pwd)) + if (!set_user_info_pw(ctr->info.id24->pass, pwd)) r_u->status = NT_STATUS_ACCESS_DENIED; break; @@ -3259,8 +3235,8 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) { - int num_groups = 0; - uint32 *rids=NULL; + int num_alias_rids; + uint32 *alias_rids; struct samr_info *info = NULL; int i; @@ -3268,8 +3244,6 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, NTSTATUS ntstatus2; DOM_SID *members; - DOM_SID *aliases; - int num_aliases; BOOL res; r_u->status = NT_STATUS_OK; @@ -3302,35 +3276,20 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, for (i=0; i<q_u->num_sids1; i++) sid_copy(&members[i], &q_u->sid[i].sid); + alias_rids = NULL; + num_alias_rids = 0; + become_root(); - res = pdb_enum_alias_memberships(members, - q_u->num_sids1, &aliases, - &num_aliases); + res = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members, + q_u->num_sids1, + &alias_rids, &num_alias_rids); unbecome_root(); if (!res) return NT_STATUS_UNSUCCESSFUL; - rids = NULL; - num_groups = 0; - - for (i=0; i<num_aliases; i++) { - uint32 rid; - - if (!sid_peek_check_rid(&info->sid, &aliases[i], &rid)) - continue; - - rids = TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+1); - - if (rids == NULL) - return NT_STATUS_NO_MEMORY; - - rids[num_groups] = rid; - num_groups += 1; - } - SAFE_FREE(aliases); - - init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK); + init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids, + NT_STATUS_OK); return NT_STATUS_OK; } @@ -3821,7 +3780,6 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM DOM_SID user_sid; SAM_ACCOUNT *sam_pass=NULL; uint32 acc_granted; - SE_PRIV se_rights; BOOL can_add_accounts; BOOL ret; @@ -3847,8 +3805,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM return NT_STATUS_NO_SUCH_USER; } - se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4121,7 +4078,6 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S DOM_SID dom_sid; DOM_SID info_sid; fstring name; - struct group *grp; struct samr_info *info; uint32 acc_granted; gid_t gid; @@ -4168,7 +4124,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S return NT_STATUS_ACCESS_DENIED; /* check if the group has been successfully created */ - if ((grp=getgrgid(gid)) == NULL) + if ( getgrgid(gid) == NULL ) return NT_STATUS_ACCESS_DENIED; if ((info = get_samr_info_by_sid(&info_sid)) == NULL) |