permissions tabs.
Using this code you can now see UNIX users and groups as owners and
have the standard UNIX permissions mapped into NT ACLs.
There are still a couple of rough edges, but it's a significant
improvement on the code that was in the 2.0.x tree.
Jeremy.
/*The following definitions come from lib/util_sid.c */
+void generate_wellknown_sids(void);
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain);
+BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, uint8 *psid_name_use);
+BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain);
+void split_domain_name(const char *fullname, char *domain, char *name);
char *sid_to_string(pstring sidstr_out, DOM_SID *sid);
BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
-void sid_copy(DOM_SID *sid1, DOM_SID *sid2);
+void sid_copy(DOM_SID *dst, DOM_SID *src);
DOM_SID *sid_dup(DOM_SID *src);
BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid);
BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2);
BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
BOOL pdb_generate_sam_sid(void);
uid_t pdb_user_rid_to_uid(uint32 user_rid);
+gid_t pdb_user_rid_to_gid(uint32 user_rid);
uint32 pdb_uid_to_user_rid(uid_t uid);
uint32 pdb_gid_to_group_rid(gid_t gid);
BOOL pdb_rid_is_user(uint32 rid);
+BOOL lookup_local_rid(uint32 rid, char *name, uint8 *psid_name_use);
+BOOL lookup_local_name(char *domain, char *user, DOM_SID *psid, uint8 *psid_name_use);
/*The following definitions come from passdb/smbpass.c */
uint16 level);
BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth);
BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth);
-BOOL lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, int depth);
-BOOL lsa_io_r_lookup_rids(char *desc, LSA_R_LOOKUP_RIDS *r_r, prs_struct *ps, int depth);
+void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
+ int num_names, char **names);
+BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth);
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
BOOL lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
BOOL lsa_io_r_close(char *desc, LSA_R_CLOSE *r_c, prs_struct *ps, int depth);
BOOL smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth);
void init_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer);
BOOL smb_io_strhdr(char *desc, STRHDR *hdr, prs_struct *ps, int depth);
-void init_uni_hdr(UNIHDR *hdr, int max_len, int len, uint32 buffer);
+void init_uni_hdr(UNIHDR *hdr, int len);
BOOL smb_io_unihdr(char *desc, UNIHDR *hdr, prs_struct *ps, int depth);
void init_buf_hdr(BUFHDR *hdr, int max_len, int len);
BOOL smb_io_hdrbuf_pre(char *desc, BUFHDR *hdr, prs_struct *ps, int depth, uint32 *offset);
BOOL smb_io_hdrbuf_post(char *desc, BUFHDR *hdr, prs_struct *ps, int depth,
uint32 ptr_hdrbuf, uint32 max_len, uint32 len);
BOOL smb_io_hdrbuf(char *desc, BUFHDR *hdr, prs_struct *ps, int depth);
-void init_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate);
+void init_uni_hdr2(UNIHDR2 *hdr, int len);
BOOL smb_io_unihdr2(char *desc, UNIHDR2 *hdr2, prs_struct *ps, int depth);
void init_unistr(UNISTR *str, char *buf);
BOOL smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth);
BOOL smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, int depth);
void init_unistr2(UNISTR2 *str, char *buf, int len);
BOOL smb_io_unistr2(char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *ps, int depth);
-void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type);
+void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type, uint32 idx);
BOOL smb_io_dom_rid2(char *desc, DOM_RID2 *rid2, prs_struct *ps, int depth);
void init_dom_rid3(DOM_RID3 *rid3, uint32 rid, uint8 type);
BOOL smb_io_dom_rid3(char *desc, DOM_RID3 *rid3, prs_struct *ps, int depth);
/*The following definitions come from smbd/oplock.c */
int32 get_number_of_open_oplocks(void);
-BOOL defer_processing_due_to_kernel_oplock(files_struct *fsp);
BOOL setup_kernel_oplock_pipe(void);
BOOL open_oplock_ipc(void);
BOOL receive_local_message(fd_set *fds, char *buffer, int buffer_len, int timeout);
} LSA_R_CLOSE;
-#define MAX_REF_DOMAINS 10
+#define MAX_REF_DOMAINS 32
/* DOM_TRUST_HDR */
typedef struct dom_trust_hdr
/* DOM_R_REF */
typedef struct dom_ref_info
{
- uint32 undoc_buffer; /* undocumented buffer pointer. */
- uint32 num_ref_doms_1; /* num referenced domains */
- uint32 undoc_buffer2; /* undocumented domain name buffer pointer. */
- uint32 max_entries; /* 32 - max number of entries */
- uint32 num_ref_doms_2; /* num referenced domains */
+ uint32 num_ref_doms_1; /* num referenced domains */
+ uint32 ptr_ref_dom; /* pointer to referenced domains */
+ uint32 max_entries; /* 32 - max number of entries */
+ uint32 num_ref_doms_2; /* num referenced domains */
- DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
- DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */
+ DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
+ DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */
} DOM_R_REF;
/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
typedef struct lsa_r_lookup_sids
{
+ uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */
+
LSA_TRANS_NAME_ENUM *names;
uint32 mapped_count;
} LSA_R_LOOKUP_SIDS;
-
-#define UNKNOWN_LEN 1
-
-/* LSA_Q_LOOKUP_RIDS - LSA Lookup RIDs */
-typedef struct lsa_q_lookup_rids
-{
- POLICY_HND pol; /* policy handle */
- uint32 num_entries;
- uint32 num_entries2;
- uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
- uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
- UNISTR3 lookup_name[MAX_LOOKUP_SIDS]; /* names to be looked up */
- uint8 undoc[UNKNOWN_LEN]; /* completely undocumented bytes of unknown length */
-
-} LSA_Q_LOOKUP_RIDS;
-
-/* LSA_R_LOOKUP_RIDS - response to LSA Lookup RIDs by name */
-typedef struct lsa_r_lookup_rids
+/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
+typedef struct lsa_q_lookup_names
{
- DOM_R_REF dom_ref; /* domain reference info */
+ POLICY_HND pol; /* policy handle */
+ uint32 num_entries;
+ uint32 num_entries2;
+ UNIHDR hdr_name[MAX_LOOKUP_SIDS]; /* name buffer pointers */
+ UNISTR2 uni_name[MAX_LOOKUP_SIDS]; /* names to be looked up */
- uint32 num_entries;
- uint32 undoc_buffer; /* undocumented buffer pointer */
+ uint32 num_trans_entries;
+ uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
+ uint32 lookup_level;
+ uint32 mapped_count;
+
+} LSA_Q_LOOKUP_NAMES;
- uint32 num_entries2;
- DOM_RID2 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
+/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
+typedef struct lsa_r_lookup_names
+{
+ uint32 ptr_dom_ref;
+ DOM_R_REF *dom_ref; /* domain reference info */
- uint32 num_entries3;
+ uint32 num_entries;
+ uint32 ptr_entries;
+ uint32 num_entries2;
+ DOM_RID2 *dom_rid; /* domain RIDs being looked up */
- uint32 status; /* return code */
+ uint32 mapped_count;
-} LSA_R_LOOKUP_RIDS;
+ uint32 status; /* return code */
+} LSA_R_LOOKUP_NAMES;
#endif /* _RPC_LSA_H */
/* DOM_RID2 - domain RID structure for ntlsa pipe */
typedef struct domrid2_info
{
- uint32 type; /* value is 5 */
- uint32 undoc; /* value is non-zero */
- uint32 rid;
- uint32 rid_idx; /* don't know what this is */
+ uint8 type; /* value is SID_NAME_USE enum */
+ uint32 rid;
+ uint32 rid_idx; /* referenced domain index */
} DOM_RID2;
/* DOM_RID3 - domain RID structure for samr pipe */
typedef struct domrid3_info
{
- uint32 rid; /* domain-relative (to a SID) id */
- uint32 type1; /* value is 0x1 */
- uint32 ptr_type; /* undocumented pointer */
- uint32 type2; /* value is 0x1 */
+ uint32 rid; /* domain-relative (to a SID) id */
+ uint32 type1; /* value is 0x1 */
+ uint32 ptr_type; /* undocumented pointer */
+ uint32 type2; /* value is 0x1 */
+ uint32 unk; /* value is 0x2 */
} DOM_RID3;
/* DOM_RID4 - rid + user attributes */
typedef struct domrid4_info
{
- uint32 unknown;
+ uint32 unknown;
uint16 attr;
uint32 rid; /* user RID */
} SAMR_R_UNKNOWN_32;
-
/* SAMR_Q_OPEN_ALIAS - probably an open */
typedef struct q_samr_open_alias_info
{
#define FILE_ALL_STANDARD_ACCESS 0x1F0000
/* Mapping of access rights to UNIX perms. */
+#if 0 /* Don't use all here... JRA. */
#define UNIX_ACCESS_RWX (FILE_ALL_ATTRIBUTES|FILE_ALL_STANDARD_ACCESS)
+#else
+#define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
+#endif
+
#define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
#define UNIX_ACCESS_W (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
Version 1.9.
Samba utility functions
Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
+ Copyright (C) Jeremy Allison 1999
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
extern int DEBUGLEVEL;
+DOM_SID global_sam_sid;
+extern pstring global_myname;
+extern fstring global_myworkgroup;
+
+/*
+ * Some useful sids
+ */
+
+DOM_SID global_sid_S_1_5_0x20; /* local well-known domain */
+DOM_SID global_sid_World_Domain; /* everyone */
+DOM_SID global_sid_World; /* everyone */
+DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner */
+DOM_SID global_sid_Creator_Owner; /* Creator Owner */
+DOM_SID global_sid_NT_Authority; /* NT Authority */
+
+typedef struct _known_sid_users {
+ uint32 rid;
+ uint8 sid_name_use;
+ char *known_user_name;
+} known_sid_users;
+
+static known_sid_users no_users[] = {{0, 0, NULL}};
+static known_sid_users everyone_users[] = {{ 0, SID_NAME_WKN_GRP, "Everyone" }, {0, 0, NULL}};
+static known_sid_users creator_owner_users[] = {{ 0, SID_NAME_ALIAS, "Creator Owner" }, {0, 0, NULL}};
+static known_sid_users nt_authority_users[] = {{ 1, SID_NAME_ALIAS, "Dialup" },
+ { 2, SID_NAME_ALIAS, "Network"},
+ { 3, SID_NAME_ALIAS, "Batch"},
+ { 4, SID_NAME_ALIAS, "Interactive"},
+ { 6, SID_NAME_ALIAS, "Service"},
+ { 7, SID_NAME_ALIAS, "AnonymousLogon"},
+ { 8, SID_NAME_ALIAS, "Proxy"},
+ { 9, SID_NAME_ALIAS, "ServerLogon"},
+ {0, 0, NULL}};
+
+static struct sid_name_map_info
+{
+ DOM_SID *sid;
+ char *name;
+ known_sid_users *known_users;
+}
+sid_name_map[] =
+{
+ { &global_sam_sid, global_myname, NULL},
+ { &global_sam_sid, global_myworkgroup, NULL},
+ { &global_sid_S_1_5_0x20, "BUILTIN", NULL},
+ { &global_sid_World_Domain, "", &everyone_users[0] },
+ { &global_sid_Creator_Owner_Domain, "", &creator_owner_users[0] },
+ { &global_sid_NT_Authority, "NT Authority", &nt_authority_users[0] },
+ { NULL, NULL, NULL}
+};
+
+/****************************************************************************
+ Creates some useful well known sids
+****************************************************************************/
+
+void generate_wellknown_sids(void)
+{
+ string_to_sid(&global_sid_S_1_5_0x20, "S-1-5-32");
+ string_to_sid(&global_sid_World_Domain, "S-1-1");
+ string_to_sid(&global_sid_World, "S-1-1-0");
+ string_to_sid(&global_sid_Creator_Owner_Domain, "S-1-3");
+ string_to_sid(&global_sid_Creator_Owner, "S-1-3-0");
+ string_to_sid(&global_sid_NT_Authority, "S-1-5");
+}
+
+/**************************************************************************
+ Turns a domain SID into a name, returned in the nt_domain argument.
+***************************************************************************/
+
+BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
+{
+ fstring sid_str;
+ int i = 0;
+ sid_to_string(sid_str, sid);
+
+ DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
+
+ if (nt_domain == NULL)
+ return False;
+
+ while (sid_name_map[i].sid != NULL) {
+ sid_to_string(sid_str, sid_name_map[i].sid);
+ DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_str));
+ if (sid_equal(sid_name_map[i].sid, sid)) {
+ fstrcpy(nt_domain, sid_name_map[i].name);
+ DEBUG(5,("map_domain_sid_to_name: found '%s'\n", nt_domain));
+ return True;
+ }
+ i++;
+ }
+
+ DEBUG(5,("map_domain_sid_to_name: mapping for %s not found\n", sid_str));
+
+ return False;
+}
+
+/**************************************************************************
+ Looks up a known username from one of the known domains.
+***************************************************************************/
+
+BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, uint8 *psid_name_use)
+{
+ int i = 0;
+ struct sid_name_map_info *psnm;
+
+ for(i = 0; sid_name_map[i].sid != NULL; i++) {
+ psnm = &sid_name_map[i];
+ if(sid_equal(psnm->sid, sid)) {
+ int j;
+ for(j = 0; psnm->known_users && psnm->known_users[j].known_user_name != NULL; j++) {
+ if(rid == psnm->known_users[j].rid) {
+ DEBUG(5,("lookup_builtin_rid: rid = %u, domain = '%s', user = '%s'\n",
+ (unsigned int)rid, psnm->name, psnm->known_users[j].known_user_name ));
+ fstrcpy( name, psnm->known_users[j].known_user_name);
+ *psid_name_use = psnm->known_users[j].sid_name_use;
+ return True;
+ }
+ }
+ }
+ }
+
+ return False;
+}
+
+/**************************************************************************
+ Turns a domain name into a SID.
+ *** side-effect: if the domain name is NULL, it is set to our domain ***
+***************************************************************************/
+
+BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain)
+{
+ int i = 0;
+
+ if (nt_domain == NULL) {
+ DEBUG(5,("map_domain_name_to_sid: mapping NULL domain to our SID.\n", nt_domain));
+ sid_copy(sid, &global_sam_sid);
+ return True;
+ }
+
+ if (nt_domain[0] == 0) {
+ fstrcpy(nt_domain, global_myname);
+ DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain));
+ sid_copy(sid, &global_sam_sid);
+ return True;
+ }
+
+ DEBUG(5,("map_domain_name_to_sid: %s\n", nt_domain));
+
+ while (sid_name_map[i].name != NULL) {
+ DEBUG(5,("map_domain_name_to_sid: compare: %s\n", sid_name_map[i].name));
+ if (strequal(sid_name_map[i].name, nt_domain)) {
+ fstring sid_str;
+ sid_copy(sid, sid_name_map[i].sid);
+ sid_to_string(sid_str, sid_name_map[i].sid);
+ DEBUG(5,("map_domain_name_to_sid: found %s\n", sid_str));
+ return True;
+ }
+ i++;
+ }
+ DEBUG(0,("map_domain_name_to_sid: mapping to %s not found.\n", (*nt_domain)));
+ return False;
+}
+
+/**************************************************************************
+ Splits a name of format \DOMAIN\name or name into its two components.
+ Sets the DOMAIN name to global_myname if it has not been specified.
+***************************************************************************/
+
+void split_domain_name(const char *fullname, char *domain, char *name)
+{
+ pstring full_name;
+ char *p;
+
+ *domain = *name = '\0';
+
+ if (fullname[0] == '\\')
+ fullname++;
+
+ pstrcpy(full_name, fullname);
+ p = strchr(full_name+1, '\\');
+
+ if (p != NULL) {
+ *p = 0;
+ fstrcpy(domain, full_name);
+ fstrcpy(name, p+1);
+ } else {
+ fstrcpy(domain, global_myname);
+ fstrcpy(name, full_name);
+ }
+
+ DEBUG(10,("split_domain_name:name '%s' split into domain :'%s' and user :'%s'\n",
+ fullname, domain, name));
+}
/*****************************************************************
Convert a SID to an ascii string.
slprintf(sidstr_out, sizeof(pstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia);
- for (i = 0; i < sid->num_auths; i++)
- {
+ for (i = 0; i < sid->num_auths; i++) {
slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]);
pstrcat(sidstr_out, subauth);
}
sidout->num_auths = 0;
while(next_token(&p, tok, "-", sizeof(tok)) &&
- sidout->num_auths < MAXSUBAUTHS)
- {
+ sidout->num_auths < MAXSUBAUTHS) {
/*
* NOTE - the subauths are in native machine-endian format. They
* are converted to little-endian when linearized onto the wire.
}
/*****************************************************************
- add a rid to the end of a sid
+ Add a rid to the end of a sid
*****************************************************************/
+
BOOL sid_append_rid(DOM_SID *sid, uint32 rid)
{
- if (sid->num_auths < MAXSUBAUTHS)
- {
+ if (sid->num_auths < MAXSUBAUTHS) {
sid->sub_auths[sid->num_auths++] = rid;
return True;
}
}
/*****************************************************************
- removes the last rid from the end of a sid
+ Removes the last rid from the end of a sid
*****************************************************************/
+
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
{
- if (sid->num_auths > 0)
- {
+ if (sid->num_auths > 0) {
sid->num_auths--;
- (*rid) = sid->sub_auths[sid->num_auths];
+ *rid = sid->sub_auths[sid->num_auths];
return True;
}
return False;
}
/*****************************************************************
- copies a sid
+ Copies a sid
*****************************************************************/
-void sid_copy(DOM_SID *sid1, DOM_SID *sid2)
+
+void sid_copy(DOM_SID *dst, DOM_SID *src)
{
int i;
- for (i = 0; i < sid2->num_auths; i++)
- {
- sid1->sub_auths[i] = sid2->sub_auths[i];
- }
+ dst->sid_rev_num = src->sid_rev_num;
+ dst->num_auths = src->num_auths;
+
+ memcpy(&dst->id_auth[0], &src->id_auth[0], sizeof(src->id_auth));
- sid1->num_auths = sid2->num_auths;
- sid1->sid_rev_num = sid2->sid_rev_num;
+ for (i = 0; i < src->num_auths; i++)
+ dst->sub_auths[i] = src->sub_auths[i];
}
/*****************************************************************
}
/*****************************************************************
- compare two sids
+ Compare two sids.
*****************************************************************/
+
BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
{
int i;
/* compare most likely different rids, first: i.e start at end */
for (i = sid1->num_auths-1; i >= 0; --i)
- {
- if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
- }
+ if (sid1->sub_auths[i] != sid2->sub_auths[i])
+ return False;
- if (sid1->num_auths != sid2->num_auths ) return False;
- if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
+ if (sid1->num_auths != sid2->num_auths)
+ return False;
+ if (sid1->sid_rev_num != sid2->sid_rev_num)
+ return False;
for (i = 0; i < 6; i++)
- {
- if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
- }
+ if (sid1->id_auth[i] != sid2->id_auth[i])
+ return False;
return True;
}
/*****************************************************************
- calculates size of a sid
+ Calculates size of a sid.
*****************************************************************/
+
size_t sid_size(DOM_SID *sid)
{
if (sid == NULL)
- {
return 0;
- }
+
return sid->num_auths * sizeof(uint32) + 8;
}
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
/***************************************************************************
-lsa_reply_open_policy2
+ lsa_reply_open_policy2
***************************************************************************/
-static void lsa_reply_open_policy2(prs_struct *rdata)
+
+static BOOL lsa_reply_open_policy2(prs_struct *rdata)
{
int i;
LSA_R_OPEN_POL2 r_o;
/* set up the LSA QUERY INFO response */
for (i = 4; i < POL_HND_SIZE; i++)
- {
r_o.pol.data[i] = i;
- }
r_o.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_open_pol2("", &r_o, rdata, 0);
+ if(!lsa_io_r_open_pol2("", &r_o, rdata, 0)) {
+ DEBUG(0,("lsa_reply_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
lsa_reply_open_policy
***************************************************************************/
-static void lsa_reply_open_policy(prs_struct *rdata)
+
+static BOOL lsa_reply_open_policy(prs_struct *rdata)
{
int i;
LSA_R_OPEN_POL r_o;
/* set up the LSA QUERY INFO response */
for (i = 4; i < POL_HND_SIZE; i++)
- {
r_o.pol.data[i] = i;
- }
r_o.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_open_pol("", &r_o, rdata, 0);
+ if(!lsa_io_r_open_pol("", &r_o, rdata, 0)) {
+ DEBUG(0,("lsa_reply_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-make_dom_query
+Init dom_query
***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
+
+static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
+ fstring sid_str;
int domlen = strlen(dom_name);
d_q->uni_dom_max_len = domlen * 2;
d_q->uni_dom_str_len = domlen * 2;
- d_q->buffer_dom_name = 4; /* domain buffer pointer */
- d_q->buffer_dom_sid = 2; /* domain sid pointer */
+ d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
+ d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
/* this string is supposed to be character short */
- init_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
+ init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
- init_dom_sid2(&(d_q->dom_sid), dom_sid);
+ sid_to_string(sid_str, dom_sid);
+ init_dom_sid2(&d_q->dom_sid, dom_sid);
}
/***************************************************************************
-lsa_reply_query_info
+ lsa_reply_enum_trust_dom
***************************************************************************/
+
static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
prs_struct *rdata,
uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
/***************************************************************************
lsa_reply_query_info
***************************************************************************/
-static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
+
+static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
char *dom_name, DOM_SID *dom_sid)
{
LSA_R_QUERY_INFO r_q;
r_q.undoc_buffer = 0x22000000; /* bizarre */
r_q.info_class = q_q->info_class;
- make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
r_q.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_query("", &r_q, rdata, 0);
-}
+ if(!lsa_io_r_query("", &r_q, rdata, 0)) {
+ DEBUG(0,("lsa_reply_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
+ return False;
+ }
+ return True;
+}
/***************************************************************************
-make_dom_ref
- ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, int num_domains,
- char **dom_names, DOM_SID **dom_sids)
-
+ init_dom_ref - adds a domain if it's not already in, returns the index.
+***************************************************************************/
+
+static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
{
- int i;
+ int num = 0;
+ int len;
+
+ if (dom_name != NULL) {
+ for (num = 0; num < ref->num_ref_doms_1; num++) {
+ fstring domname;
+ fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
+ if (strequal(domname, dom_name))
+ return num;
+ }
+ } else {
+ num = ref->num_ref_doms_1;
+ }
- if (num_domains > MAX_REF_DOMAINS)
- {
- num_domains = MAX_REF_DOMAINS;
+ if (num >= MAX_REF_DOMAINS) {
+ /* index not found, already at maximum domain limit */
+ return -1;
}
- ref->undoc_buffer = 1;
- ref->num_ref_doms_1 = num_domains;
- ref->undoc_buffer2 = 1;
+ ref->num_ref_doms_1 = num+1;
+ ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS;
- ref->num_ref_doms_2 = num_domains;
+ ref->num_ref_doms_2 = num+1;
- for (i = 0; i < num_domains; i++)
- {
- int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+ len = (dom_name != NULL) ? strlen(dom_name) : 0;
+ if(dom_name != NULL && len == 0)
+ len = 1;
- init_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
- ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+ init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
+ ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
- init_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
- init_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]);
- }
+ init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
+ init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
+ return num;
}
/***************************************************************************
-make_reply_lookup_rids
+ init_lsa_rid2s
***************************************************************************/
-static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
+ int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS],
+ uint32 *mapped_count)
{
int i;
+ int total = 0;
+ *mapped_count = 0;
- make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
+ SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
- r_l->num_entries = num_entries;
- r_l->undoc_buffer = 1;
- r_l->num_entries2 = num_entries;
+ for (i = 0; i < num_entries; i++) {
+ BOOL status = False;
+ DOM_SID dom_sid;
+ DOM_SID sid;
+ uint32 rid = 0xffffffff;
+ int dom_idx = -1;
+ pstring full_name;
+ fstring dom_name;
+ fstring user;
+ uint8 sid_name_use = SID_NAME_UNKNOWN;
- SMB_ASSERT_ARRAY(r_l->dom_rid, num_entries);
+ pstrcpy(full_name, unistr2_to_str(&name[i]));
- for (i = 0; i < num_entries; i++)
- {
- init_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
+ /*
+ * Try and split the name into a DOMAIN and
+ * user component.
+ */
+
+ split_domain_name(full_name, dom_name, user);
+
+ /*
+ * We only do anything with this name if we
+ * can map the Domain into a SID we know.
+ */
+
+ if (map_domain_name_to_sid(&dom_sid, dom_name)) {
+ dom_idx = init_dom_ref(ref, dom_name, &dom_sid);
+
+ if (lookup_local_name(dom_name, user, &sid, &sid_name_use) && sid_split_rid(&sid, &rid))
+ status = True;
+ }
+
+ if (status)
+ (*mapped_count)++;
+ else {
+ dom_idx = -1;
+ rid = 0xffffffff;
+ sid_name_use = SID_NAME_UNKNOWN;
+ }
+
+ init_dom_rid2(&rid2[total], rid, sid_name_use, dom_idx);
+ total++;
}
+}
- r_l->num_entries3 = num_entries;
+/***************************************************************************
+ init_reply_lookup_names
+ ***************************************************************************/
+
+static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
+ DOM_R_REF *ref, uint32 num_entries,
+ DOM_RID2 *rid2, uint32 mapped_count)
+{
+ r_l->ptr_dom_ref = 1;
+ r_l->dom_ref = ref;
+
+ r_l->num_entries = num_entries;
+ r_l->ptr_entries = 1;
+ r_l->num_entries2 = num_entries;
+ r_l->dom_rid = rid2;
+
+ r_l->mapped_count = mapped_count;
+
+ if (mapped_count == 0)
+ r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ else
+ r_l->status = 0x0;
}
/***************************************************************************
-make_lsa_trans_names
+ Init lsa_trans_names.
***************************************************************************/
-static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- uint32 *total)
+
+static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
+ int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count)
{
- uint32 status = 0x0;
+ extern DOM_SID global_sid_S_1_5_0x20; /* BUILTIN sid. */
int i;
- (*total) = 0;
+ int total = 0;
+ *mapped_count = 0;
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
- for (i = 0; i < num_entries; i++)
- {
+ for (i = 0; i < num_entries; i++) {
+ BOOL status = False;
+ DOM_SID find_sid = sid[i].sid;
+ DOM_SID tmp_sid = sid[i].sid;
uint32 rid = 0xffffffff;
- uint8 num_auths = sid[i].sid.num_auths;
+ int dom_idx = -1;
fstring name;
- uint32 type;
-
- SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
+ fstring dom_name;
+ uint8 sid_name_use = 0;
- /* find the rid to look up */
- if (num_auths != 0)
- {
- rid = sid[i].sid.sub_auths[num_auths-1];
+ memset(dom_name, '\0', sizeof(dom_name));
+ memset(name, '\0', sizeof(name));
- status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ /*
+ * First, check to see if the SID is one of the well
+ * known ones (this includes our own domain SID).
+ * Next, check if the domain prefix is one of the
+ * well known ones. If so and the domain prefix was
+ * either BUILTIN or our own global sid, then lookup
+ * the RID as a user or group id and translate to
+ * a name.
+ */
- status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
- status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
- status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
+ if (map_domain_sid_to_name(&find_sid, dom_name)) {
+ sid_name_use = SID_NAME_DOMAIN;
+ } else if (sid_split_rid(&find_sid, &rid) && map_domain_sid_to_name(&find_sid, dom_name)) {
+ if (sid_equal(&find_sid, &global_sam_sid) ||
+ sid_equal(&find_sid, &global_sid_S_1_5_0x20)) {
+ status = lookup_local_rid(rid, name, &sid_name_use);
+ } else {
+ status = lookup_known_rid(&find_sid, rid, name, &sid_name_use);
+ }
}
- if (status == 0x0)
- {
- init_lsa_trans_name(&(trn->name [(*total)]),
- &(trn->uni_name[(*total)]),
- type, name, (*total));
- (*total)++;
+ DEBUG(10,("init_lsa_trans_names: adding domain '%s' sid %s to referenced list.\n",
+ dom_name ));
+
+ dom_idx = init_dom_ref(ref, dom_name, &find_sid);
+
+ if(!status) {
+ slprintf(name, sizeof(name)-1, "unix.%08x", rid);
+ sid_name_use = SID_NAME_UNKNOWN;
}
+
+ DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name ));
+
+ (*mapped_count)++;
+
+ init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
+ sid_name_use, name, dom_idx);
+ total++;
}
- trn->num_entries = (*total);
+ trn->num_entries = total;
trn->ptr_trans_names = 1;
- trn->num_entries2 = (*total);
+ trn->num_entries2 = total;
}
/***************************************************************************
-make_reply_lookup_sids
+ Init_reply_lookup_sids.
***************************************************************************/
-static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
- DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
- uint32 mapped_count, uint32 status)
+
+static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
+ DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
+ uint32 mapped_count)
{
+ r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref;
r_l->names = names;
r_l->mapped_count = mapped_count;
- r_l->status = status;
+
+ if (mapped_count == 0)
+ r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ else
+ r_l->status = 0x0;
}
/***************************************************************************
lsa_reply_lookup_sids
***************************************************************************/
-static void lsa_reply_lookup_sids(prs_struct *rdata,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entries)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
ZERO_STRUCT(names);
/* set up the LSA Lookup SIDs response */
- make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
- make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
- make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
+ init_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
+ init_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
/* store the response in the SMB stream */
- lsa_io_r_lookup_sids("", &r_l, rdata, 0);
+ if(!lsa_io_r_lookup_sids("", &r_l, rdata, 0)) {
+ DEBUG(0,("lsa_reply_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-lsa_reply_lookup_rids
+lsa_reply_lookup_names
***************************************************************************/
-static void lsa_reply_lookup_rids(prs_struct *rdata,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static BOOL lsa_reply_lookup_names(prs_struct *rdata,
+ UNISTR2 names[MAX_LOOKUP_SIDS], int num_entries)
{
- LSA_R_LOOKUP_RIDS r_l;
+ LSA_R_LOOKUP_NAMES r_l;
+ DOM_R_REF ref;
+ DOM_RID2 rids[MAX_LOOKUP_SIDS];
+ uint32 mapped_count = 0;
ZERO_STRUCT(r_l);
+ ZERO_STRUCT(ref);
+ ZERO_STRUCT(rids);
/* set up the LSA Lookup RIDs response */
- make_reply_lookup_rids(&r_l, num_entries, dom_rids,
- num_ref_doms, dom_names, dom_sids);
- r_l.status = 0x0;
+ init_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
+ init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
/* store the response in the SMB stream */
- lsa_io_r_lookup_rids("", &r_l, rdata, 0);
+ if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
+ DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-api_lsa_open_policy
+ api_lsa_open_policy2
***************************************************************************/
+
static BOOL api_lsa_open_policy2( uint16 vuid, prs_struct *data,
prs_struct *rdata )
{
ZERO_STRUCT(q_o);
/* grab the server, object attributes and desired access flag...*/
- lsa_io_q_open_pol2("", &q_o, data, 0);
+ if(!lsa_io_q_open_pol2("", &q_o, data, 0)) {
+ DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
+ return False;
+ }
/* lkclXXXX having decoded it, ignore all fields in the open policy! */
/* return a 20 byte policy handle */
- lsa_reply_open_policy2(rdata);
+ if(!lsa_reply_open_policy2(rdata))
+ return False;
return True;
}
ZERO_STRUCT(q_o);
/* grab the server, object attributes and desired access flag...*/
- lsa_io_q_open_pol("", &q_o, data, 0);
+ if(!lsa_io_q_open_pol("", &q_o, data, 0)) {
+ DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
+ return False;
+ }
/* lkclXXXX having decoded it, ignore all fields in the open policy! */
/* return a 20 byte policy handle */
- lsa_reply_open_policy(rdata);
+ if(!lsa_reply_open_policy(rdata))
+ return False;
return True;
}
prs_struct *rdata )
{
LSA_Q_QUERY_INFO q_i;
- pstring dom_name;
+ fstring name;
+ DOM_SID *sid = NULL;
+ memset(name, 0, sizeof(name));
ZERO_STRUCT(q_i);
/* grab the info class and policy handle */
- lsa_io_q_query("", &q_i, data, 0);
+ if(!lsa_io_q_query("", &q_i, data, 0)) {
+ DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
+ return False;
+ }
- pstrcpy(dom_name, lp_workgroup());
+ switch (q_i.info_class) {
+ case 0x03:
+ fstrcpy(name, global_myworkgroup);
+ sid = &global_sam_sid;
+ break;
+ case 0x05:
+ fstrcpy(name, global_myname);
+ sid = &global_sam_sid;
+ break;
+ default:
+ DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class));
+ break;
+ }
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
+ if(!lsa_reply_query_info(&q_i, rdata, name, sid))
+ return False;
return True;
}
/***************************************************************************
-api_lsa_lookup_sids
+ api_lsa_lookup_sids
***************************************************************************/
-static BOOL api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
- prs_struct *rdata )
+
+static BOOL api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata )
{
LSA_Q_LOOKUP_SIDS q_l;
- pstring dom_name;
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
-
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
/* grab the info class and policy handle */
- lsa_io_q_lookup_sids("", &q_l, data, 0);
-
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
+ if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
+ DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
+ return False;
+ }
/* construct reply. return status is always 0x0 */
- lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- 4, dom_names, sid_array);
+ if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries))
+ return False;
return True;
}
/***************************************************************************
-api_lsa_lookup_names
+ api_lsa_lookup_names
***************************************************************************/
-static BOOL api_lsa_lookup_names( uint16 vuid, prs_struct *data,
- prs_struct *rdata )
-{
- int i;
- LSA_Q_LOOKUP_RIDS q_l;
- pstring dom_name;
- uint32 dom_rids[MAX_LOOKUP_SIDS];
- uint32 dummy_g_rid;
-
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
+static BOOL api_lsa_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata )
+{
+ LSA_Q_LOOKUP_NAMES q_l;
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
- ZERO_ARRAY(dom_rids);
/* grab the info class and policy handle */
- lsa_io_q_lookup_rids("", &q_l, data, 0);
-
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
-
- SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
-
- /* convert received RIDs to strings, so we can do them. */
- for (i = 0; i < q_l.num_entries; i++)
- {
- fstring user_name;
- fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
-
- /*
- * Map to the UNIX username.
- */
- map_username(user_name);
-
- /*
- * Do any case conversions.
- */
- (void)Get_Pwnam(user_name, True);
-
- if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
- {
- /* WHOOPS! we should really do something about this... */
- dom_rids[i] = 0;
- }
+ if(!lsa_io_q_lookup_names("", &q_l, data, 0)) {
+ DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
+ return False;
}
- /* construct reply. return status is always 0x0 */
- lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- 4, dom_names, sid_array);
+ SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
- return True;
+ return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
}
/***************************************************************************
* responsible.
*/
-DOM_SID global_sam_sid;
+extern DOM_SID global_sam_sid;
+extern pstring global_myname;
+extern fstring global_myworkgroup;
/*
* NOTE. All these functions are abstracted into a structure
SMB_STRUCT_STAT st;
BOOL overwrite_bad_sid = False;
+ generate_wellknown_sids();
+
pstrcpy(sid_file, lp_smb_passwd_file());
p = strrchr(sid_file, '/');
if(p != NULL) {
}
/*******************************************************************
- converts UNIX uid to an NT User RID.
+ Converts NT user RID to a UNIX uid.
********************************************************************/
uid_t pdb_user_rid_to_uid(uint32 user_rid)
return (uid_t)(((user_rid & (~USER_RID_TYPE))- 1000)/RID_MULTIPLIER);
}
+/*******************************************************************
+ Converts NT user RID to a UNIX gid.
+ ********************************************************************/
+
+gid_t pdb_user_rid_to_gid(uint32 user_rid)
+{
+ return (uid_t)(((user_rid & (~GROUP_RID_TYPE))- 1000)/RID_MULTIPLIER);
+}
+
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
}
return False;
}
+
+/*******************************************************************
+ Convert a rid into a name. Used in the lookup SID rpc.
+ ********************************************************************/
+
+BOOL lookup_local_rid(uint32 rid, char *name, uint8 *psid_name_use)
+{
+
+ BOOL is_user = pdb_rid_is_user(rid);
+
+ DEBUG(5,("lookup_local_rid: looking up %s RID %u.\n", is_user ? "user" :
+ "group", (unsigned int)rid));
+
+ if(is_user) {
+ if(rid == DOMAIN_USER_RID_ADMIN) {
+ pstring admin_users;
+ char *p = admin_users;
+ pstrcpy( admin_users, lp_domain_admin_users());
+ if(!next_token(&p, name, NULL, sizeof(fstring)))
+ fstrcpy(name, "Administrator");
+ } else if (rid == DOMAIN_USER_RID_GUEST) {
+ pstring guest_users;
+ char *p = guest_users;
+ pstrcpy( guest_users, lp_domain_guest_users());
+ if(!next_token(&p, name, NULL, sizeof(fstring)))
+ fstrcpy(name, "Guest");
+ } else {
+ uid_t uid = pdb_user_rid_to_uid(rid);
+ struct passwd *pass = getpwuid(uid);
+
+ *psid_name_use = SID_NAME_USER;
+
+ DEBUG(5,("lookup_local_rid: looking up uid %u %s\n", (unsigned int)uid,
+ pass ? "succeeded" : "failed" ));
+
+ if(!pass) {
+ slprintf(name, sizeof(fstring)-1, "unix_user.%u", (unsigned int)uid);
+ return True;
+ }
+
+ fstrcpy(name, pass->pw_name);
+
+ DEBUG(5,("lookup_local_rid: found user %s for rid %u\n", name,
+ (unsigned int)rid ));
+ }
+
+ } else {
+ gid_t gid = pdb_user_rid_to_gid(rid);
+ struct group *gr = getgrgid(gid);
+
+ *psid_name_use = SID_NAME_DOM_GRP;
+
+ DEBUG(5,("lookup_local_rid: looking up gid %u %s\n", (unsigned int)gid,
+ gr ? "succeeded" : "failed" ));
+
+ if(!gr) {
+ slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
+ return True;
+ }
+
+ fstrcpy( name, gr->gr_name);
+
+ DEBUG(5,("lookup_local_rid: found group %s for rid %u\n", name,
+ (unsigned int)rid ));
+ }
+
+ return True;
+}
+
+/*******************************************************************
+ Convert a name into a SID. Used in the lookup name rpc.
+ ********************************************************************/
+
+BOOL lookup_local_name(char *domain, char *user, DOM_SID *psid, uint8 *psid_name_use)
+{
+ extern DOM_SID global_sid_World_Domain;
+ struct passwd *pass = NULL;
+ DOM_SID local_sid;
+
+ sid_copy(&local_sid, &global_sam_sid);
+
+ if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain))
+ return False;
+
+ /*
+ * Special case for MACHINE\Everyone. Map to the world_sid.
+ */
+
+ if(strequal(user, "Everyone")) {
+ sid_copy( psid, &global_sid_World_Domain);
+ sid_append_rid(psid, 0);
+ *psid_name_use = SID_NAME_ALIAS;
+ return True;
+ }
+
+ (void)map_username(user);
+
+ if(!(pass = Get_Pwnam(user, False))) {
+ /*
+ * Maybe it was a group ?
+ */
+ struct group *grp = getgrnam(user);
+
+ if(!grp)
+ return False;
+
+ sid_append_rid( &local_sid, pdb_gid_to_group_rid(grp->gr_gid));
+ *psid_name_use = SID_NAME_DOM_GRP;
+ } else {
+
+ sid_append_rid( &local_sid, pdb_uid_to_user_rid(pass->pw_uid));
+ *psid_name_use = SID_NAME_USER;
+ }
+
+ sid_copy( psid, &local_sid);
+
+ return True;
+}
/* report error code */
DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status)));
} else {
- if (t_names.ptr_trans_names != 0 && ref.undoc_buffer != 0)
+ if (t_names.ptr_trans_names != 0)
valid_response = True;
}
{
int len_name = strlen(name);
+ if(len_name == 0)
+ len_name = 1;
+
trn->sid_name_use = sid_name_use;
- init_uni_hdr(&(trn->hdr_name), len_name, len_name, len_name != 0);
+ init_uni_hdr(&trn->hdr_name, len_name);
init_unistr2(uni_name, name, len_name);
trn->domain_idx = idx;
}
{
int i, s, n;
- prs_debug(ps, depth, desc, "smb_io_dom_r_ref");
+ prs_debug(ps, depth, desc, "lsa_io_dom_r_ref");
depth++;
if (r_r == NULL)
if(!prs_align(ps))
return False;
- if(!prs_uint32("undoc_buffer ", ps, depth, &r_r->undoc_buffer)) /* undocumented buffer pointer. */
- return False;
if(!prs_uint32("num_ref_doms_1", ps, depth, &r_r->num_ref_doms_1)) /* num referenced domains? */
return False;
- if(!prs_uint32("undoc_buffer2 ", ps, depth, &r_r->undoc_buffer2)) /* undocumented buffer pointer. */
+ if(!prs_uint32("ptr_ref_dom ", ps, depth, &r_r->ptr_ref_dom)) /* undocumented buffer pointer. */
return False;
if(!prs_uint32("max_entries ", ps, depth, &r_r->max_entries)) /* 32 - max number of entries */
return False;
- if(!prs_uint32("num_ref_doms_2", ps, depth, &r_r->num_ref_doms_2)) /* 4 - num referenced domains? */
- return False;
- SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1-1);
- SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
+ SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1);
- for (i = 0; i < r_r->num_ref_doms_1; i++) {
- fstring t;
-
- slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
- if(!smb_io_unihdr(t, &r_r->hdr_ref_dom[i].hdr_dom_name, ps, depth))
+ if (r_r->ptr_ref_dom != 0) {
+ if(!prs_uint32("num_ref_doms_2", ps, depth, &r_r->num_ref_doms_2)) /* 4 - num referenced domains? */
return False;
- slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
- if(!prs_uint32(t, ps, depth, &r_r->hdr_ref_dom[i].ptr_dom_sid))
- return False;
- }
+ SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
- for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++) {
- fstring t;
+ for (i = 0; i < r_r->num_ref_doms_1; i++) {
+ fstring t;
- if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) {
slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
- if(!smb_io_unistr2(t, &r_r->ref_dom[n].uni_dom_name, True, ps, depth)) /* domain name unicode string */
+ if(!smb_io_unihdr(t, &r_r->hdr_ref_dom[i].hdr_dom_name, ps, depth))
return False;
- n++;
- }
- if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) {
slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
- if(!smb_io_dom_sid2("", &r_r->ref_dom[s].ref_dom, ps, depth)) /* referenced domain SIDs */
+ if(!prs_uint32(t, ps, depth, &r_r->hdr_ref_dom[i].ptr_dom_sid))
return False;
- s++;
+ }
+
+ for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++) {
+ fstring t;
+
+ if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0) {
+ slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
+ if(!smb_io_unistr2(t, &r_r->ref_dom[n].uni_dom_name, True, ps, depth)) /* domain name unicode string */
+ return False;
+ n++;
+ }
+
+ if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0) {
+ slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+ if(!smb_io_dom_sid2("", &r_r->ref_dom[s].ref_dom, ps, depth)) /* referenced domain SIDs */
+ return False;
+ s++;
+ }
}
}
return True;
}
-
/*******************************************************************
Inits an LSA_SEC_QOS structure.
********************************************************************/
r_e->ptr_enum_domains = 1;
r_e->num_domains2 = 1;
- init_uni_hdr2(&r_e->hdr_domain_name, len_domain_name, len_domain_name, 4);
+ init_uni_hdr2(&r_e->hdr_domain_name, len_domain_name);
init_unistr2 (&r_e->uni_domain_name, domain_name, len_domain_name);
init_dom_sid2(&r_e->other_domain_sid, domain_sid);
} else {
********************************************************************/
static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
- prs_struct *ps, int depth)
+ prs_struct *ps, int depth)
{
int i;
- int i2;
if (trn == NULL)
return False;
if(!prs_align(ps))
return False;
-
+
if(!prs_uint32("num_entries ", ps, depth, &trn->num_entries))
return False;
if(!prs_uint32("ptr_trans_names", ps, depth, &trn->ptr_trans_names))
if (trn->ptr_trans_names != 0) {
if(!prs_uint32("num_entries2 ", ps, depth, &trn->num_entries2))
return False;
-
SMB_ASSERT_ARRAY(trn->name, trn->num_entries);
- for (i = 0, i2 = 0; i < trn->num_entries2; i++) {
+ for (i = 0; i < trn->num_entries2; i++) {
fstring t;
slprintf(t, sizeof(t) - 1, "name[%d] ", i);
if(!lsa_io_trans_name(t, &trn->name[i], ps, depth)) /* translated name */
return False;
+ }
- if (trn->name[i].hdr_name.buffer != 0) {
- if(!smb_io_unistr2(t, &trn->uni_name[i2], 1, ps, depth))
- return False;
- if(!prs_align(ps))
- return False;
- i2++;
- }
+ for (i = 0; i < trn->num_entries2; i++) {
+ fstring t;
+ slprintf(t, sizeof(t) - 1, "name[%d] ", i);
+
+ if(!smb_io_unistr2(t, &trn->uni_name[i], trn->name[i].hdr_name.buffer, ps, depth))
+ return False;
+ if(!prs_align(ps))
+ return False;
}
}
if(!prs_align(ps))
return False;
- if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
+ if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
return False;
+
+ if (r_s->ptr_dom_ref != 0)
+ if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
+ return False;
+
if(!lsa_io_trans_names("names ", r_s->names, ps, depth)) /* translated names */
return False;
}
/*******************************************************************
- Reads or writes a structure.
+makes a structure.
********************************************************************/
-BOOL lsa_io_q_lookup_rids(char *desc, LSA_Q_LOOKUP_RIDS *q_r, prs_struct *ps, int depth)
+void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
+ int num_names, char **names)
+{
+ int i;
+
+ DEBUG(5,("init_q_lookup_names\n"));
+
+ memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
+
+ q_l->num_entries = num_names;
+ q_l->num_entries2 = num_names;
+
+ SMB_ASSERT_ARRAY(q_l->uni_name, q_l->num_entries);
+
+ for (i = 0; i < num_names; i++) {
+ char* name = names[i];
+ int len = strlen(name);
+ init_uni_hdr(&q_l->hdr_name[i], len);
+ init_unistr2(&q_l->uni_name[i], name, len);
+ }
+
+ q_l->num_trans_entries = 0;
+ q_l->ptr_trans_sids = 0;
+ q_l->lookup_level = 1;
+ q_l->mapped_count = 0;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth)
{
int i;
if (q_r == NULL)
return False;
- prs_debug(ps, depth, desc, "lsa_io_q_lookup_rids");
+ prs_debug(ps, depth, desc, "lsa_io_q_lookup_names");
depth++;
if(!prs_align(ps))
return False;
-
- if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
+
+ if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
return False;
if(!prs_uint32("num_entries ", ps, depth, &q_r->num_entries))
return False;
if(!prs_uint32("num_entries2 ", ps, depth, &q_r->num_entries2))
return False;
- if(!prs_uint32("buffer_dom_sid ", ps, depth, &q_r->buffer_dom_sid)) /* undocumented domain SID buffer pointer */
- return False;
- if(!prs_uint32("buffer_dom_name", ps, depth, &q_r->buffer_dom_name)) /* undocumented domain name buffer pointer */
- return False;
- SMB_ASSERT_ARRAY(q_r->lookup_name, q_r->num_entries);
+ SMB_ASSERT_ARRAY(q_r->uni_name, q_r->num_entries);
+
+ for (i = 0; i < q_r->num_entries; i++) {
+ if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
+ return False;
+ }
for (i = 0; i < q_r->num_entries; i++) {
- if(!smb_io_unistr3("", &q_r->lookup_name[i], ps, depth)) /* names to be looked up */
+ if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
+ return False;
+ if(!prs_align(ps))
return False;
}
- if(!prs_uint8s (False, "undoc ", ps, depth, q_r->undoc, UNKNOWN_LEN))
+ if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
+ return False;
+ if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
+ return False;
+ if(!prs_uint32("lookup_level ", ps, depth, &q_r->lookup_level))
+ return False;
+ if(!prs_uint32("mapped_count ", ps, depth, &q_r->mapped_count))
return False;
return True;
}
/*******************************************************************
- Reads or writes a structure.
+reads or writes a structure.
********************************************************************/
-BOOL lsa_io_r_lookup_rids(char *desc, LSA_R_LOOKUP_RIDS *r_r, prs_struct *ps, int depth)
+BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth)
{
int i;
if (r_r == NULL)
return False;
- prs_debug(ps, depth, desc, "lsa_io_r_lookup_rids");
+ prs_debug(ps, depth, desc, "lsa_io_r_lookup_names");
depth++;
if(!prs_align(ps))
return False;
-
- if(!lsa_io_dom_r_ref("", &r_r->dom_ref, ps, depth)) /* domain reference info */
- return False;
- if(!prs_uint32("num_entries ", ps, depth, &r_r->num_entries))
+ if(!prs_uint32("ptr_dom_ref", ps, depth, &r_r->ptr_dom_ref))
return False;
- if(!prs_uint32("undoc_buffer", ps, depth, &r_r->undoc_buffer))
+
+ if (r_r->ptr_dom_ref != 0)
+ if(!lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth))
+ return False;
+
+ if(!prs_uint32("num_entries", ps, depth, &r_r->num_entries))
return False;
- if(!prs_uint32("num_entries2", ps, depth, &r_r->num_entries2))
+ if(!prs_uint32("ptr_entries", ps, depth, &r_r->ptr_entries))
return False;
- SMB_ASSERT_ARRAY(r_r->dom_rid, r_r->num_entries2);
+ if (r_r->ptr_entries != 0) {
+ if(!prs_uint32("num_entries2", ps, depth, &r_r->num_entries2))
+ return False;
- for (i = 0; i < r_r->num_entries2; i++) {
- if(!smb_io_dom_rid2("", &r_r->dom_rid[i], ps, depth)) /* domain RIDs being looked up */
- return False;
+ if (r_r->num_entries2 != r_r->num_entries) {
+ /* RPC fault */
+ return False;
+ }
+
+ for (i = 0; i < r_r->num_entries2; i++)
+ if(!smb_io_dom_rid2("", &r_r->dom_rid[i], ps, depth)) /* domain RIDs being looked up */
+ return False;
}
- if(!prs_uint32("num_entries3", ps, depth, &r_r->num_entries3))
+ if(!prs_uint32("mapped_count", ps, depth, &r_r->mapped_count))
return False;
if(!prs_uint32("status ", ps, depth, &r_r->status))
Inits a UNIHDR structure.
********************************************************************/
-void init_uni_hdr(UNIHDR *hdr, int max_len, int len, uint32 buffer)
+void init_uni_hdr(UNIHDR *hdr, int len)
{
hdr->uni_str_len = 2 * len;
- hdr->uni_max_len = 2 * max_len;
- hdr->buffer = buffer;
+ hdr->uni_max_len = 2 * len;
+ hdr->buffer = len != 0 ? 1 : 0;
}
/*******************************************************************
creates a UNIHDR2 structure.
********************************************************************/
-void init_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate)
+void init_uni_hdr2(UNIHDR2 *hdr, int len)
{
- init_uni_hdr(&hdr->unihdr, max_len, len, terminate);
+ init_uni_hdr(&hdr->unihdr, len);
hdr->buffer = (len > 0) ? 1 : 0;
}
Inits a DOM_RID2 structure.
********************************************************************/
-void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type)
+void init_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type, uint32 idx)
{
rid2->type = type;
- rid2->undoc = 0x5;
rid2->rid = rid;
- rid2->rid_idx = 0;
+ rid2->rid_idx = idx;
}
/*******************************************************************
if(!prs_align(ps))
return False;
-
- /* should be value 5, so enforce it */
- rid2->type = 5;
-
- /* should be value 5, so enforce it */
- rid2->undoc = 5;
-
- if(!prs_uint32("type ", ps, depth, &rid2->type))
+
+ if(!prs_uint8("type ", ps, depth, &rid2->type))
return False;
- if(!prs_uint32("undoc ", ps, depth, &rid2->undoc))
+ if(!prs_align(ps))
return False;
if(!prs_uint32("rid ", ps, depth, &rid2->rid))
return False;
- if(!prs_uint32("rid_idx", ps, depth, &rid2->rid_idx ))
+ if(!prs_uint32("rid_idx", ps, depth, &rid2->rid_idx))
return False;
return True;
void init_dom_rid3(DOM_RID3 *rid3, uint32 rid, uint8 type)
{
- rid3->rid = rid;
- rid3->type1 = type;
- rid3->ptr_type = 0x1; /* non-zero, basically. */
- rid3->type2 = 0x1;
+ rid3->rid = rid;
+ rid3->type1 = type;
+ rid3->ptr_type = 0x1; /* non-zero, basically. */
+ rid3->type2 = 0x1;
+ rid3->unk = type;
}
/*******************************************************************
if(!prs_align(ps))
return False;
-
+
if(!prs_uint32("rid ", ps, depth, &rid3->rid))
return False;
if(!prs_uint32("type1 ", ps, depth, &rid3->type1))
return False;
if(!prs_uint32("type2 ", ps, depth, &rid3->type2))
return False;
+ if(!prs_uint32("unk ", ps, depth, &rid3->unk))
+ return False;
return True;
}
void init_dom_rid4(DOM_RID4 *rid4, uint16 unknown, uint16 attr, uint32 rid)
{
- rid4->unknown = unknown;
- rid4->attr = attr;
- rid4->rid = rid;
+ rid4->unknown = unknown;
+ rid4->attr = attr;
+ rid4->rid = rid;
}
-
/*******************************************************************
Inits a DOM_CLNT_SRV structure.
********************************************************************/
id->ptr_id_info1 = 1;
- init_uni_hdr(&id->hdr_domain_name, len_domain_name, len_domain_name, 4);
+ init_uni_hdr(&id->hdr_domain_name, len_domain_name);
id->param_ctrl = param_ctrl;
init_logon_id(&id->logon_id, log_id_low, log_id_high);
- init_uni_hdr(&id->hdr_user_name, len_user_name, len_user_name, 4);
- init_uni_hdr(&id->hdr_wksta_name, len_wksta_name, len_wksta_name , 4);
+ init_uni_hdr(&id->hdr_user_name, len_user_name);
+ init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
if (lm_cypher && nt_cypher) {
unsigned char key[16];
id->ptr_id_info2 = 1;
- init_uni_hdr(&id->hdr_domain_name, len_domain_name, len_domain_name, 4);
+ init_uni_hdr(&id->hdr_domain_name, len_domain_name);
id->param_ctrl = param_ctrl;
init_logon_id(&id->logon_id, log_id_low, log_id_high);
- init_uni_hdr(&id->hdr_user_name, len_user_name, len_user_name, 4);
- init_uni_hdr(&id->hdr_wksta_name, len_wksta_name, len_wksta_name, 4);
+ init_uni_hdr(&id->hdr_user_name, len_user_name);
+ init_uni_hdr(&id->hdr_wksta_name, len_wksta_name);
if (nt_chal_resp) {
/* oops. can only send what-ever-it-is direct */
usr->pass_can_change_time = *pass_can_change_time;
usr->pass_must_change_time = *pass_must_change_time;
- init_uni_hdr(&usr->hdr_user_name, len_user_name, len_user_name, 4);
- init_uni_hdr(&usr->hdr_full_name, len_full_name, len_full_name, 4);
- init_uni_hdr(&usr->hdr_logon_script, len_logon_script, len_logon_script, 4);
- init_uni_hdr(&usr->hdr_profile_path, len_profile_path, len_profile_path, 4);
- init_uni_hdr(&usr->hdr_home_dir, len_home_dir, len_home_dir, 4);
- init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive, len_dir_drive, 4);
+ init_uni_hdr(&usr->hdr_user_name, len_user_name);
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
usr->logon_count = logon_count;
usr->bad_pw_count = bad_pw_count;
else
memset((char *)usr->user_sess_key, '\0', sizeof(usr->user_sess_key));
- init_uni_hdr(&usr->hdr_logon_srv, len_logon_srv, len_logon_srv, 4);
- init_uni_hdr(&usr->hdr_logon_dom, len_logon_dom, len_logon_dom, 4);
+ init_uni_hdr(&usr->hdr_logon_srv, len_logon_srv);
+ init_uni_hdr(&usr->hdr_logon_dom, len_logon_dom);
usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_uni_hdr(&q_c->hdr_name, len_name, len_name, 1);
+ init_uni_hdr(&q_c->hdr_name, len_name);
init_unistr2(&q_c->uni_name, name, len_name);
- init_uni_hdr(&q_c->hdr_class, len_class, len_class, 1);
+ init_uni_hdr(&q_c->hdr_class, len_class);
init_unistr2(&q_c->uni_class, class, len_class);
q_c->reserved = 0x00000000;
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_uni_hdr(&q_c->hdr_name, len_name, len_name, 1);
+ init_uni_hdr(&q_c->hdr_name, len_name);
init_unistr2(&q_c->uni_name, name, len_name);
}
memcpy(&q_c->pnt_pol, hnd, sizeof(q_c->pnt_pol));
- init_uni_hdr(&q_c->hdr_name, len_name, len_name, 1);
+ init_uni_hdr(&q_c->hdr_name, len_name);
init_unistr2(&q_c->uni_name, name, len_name);
}
ZERO_STRUCTP(q_o);
memcpy(&q_o->pol, hnd, sizeof(q_o->pol));
- init_uni_hdr(&q_o->hdr_class, max_class_len, 0, max_class_len > 0 ? 1 : 0);
+ init_uni_hdr(&q_o->hdr_class, max_class_len);
q_o->uni_class.uni_max_len = max_class_len;
}
memcpy(&q_i->pol, pol, sizeof(q_i->pol));
- init_uni_hdr(&q_i->hdr_type, len_type, len_type, 1);
+ init_uni_hdr(&q_i->hdr_type, len_type);
init_unistr2(&q_i->uni_type, product_type, len_type);
q_i->ptr1 = 1;
memcpy(&q_i->pol, pol, sizeof(q_i->pol));
q_i->val_index = val_idx;
- init_uni_hdr(&q_i->hdr_name, max_val_len, 0, 1);
+ init_uni_hdr(&q_i->hdr_name, max_val_len);
q_i->uni_name.uni_max_len = max_val_len;
q_i->ptr_type = 1;
memcpy(&q_i->pol, pol, sizeof(q_i->pol));
- init_uni_hdr(&q_i->hdr_name, val_len, val_len, 1);
+ init_uni_hdr(&q_i->hdr_name, val_len);
init_unistr2(&q_i->uni_name, val_name, val_len);
q_i->type = type;
memcpy(&r_q->pol, pol, sizeof(r_q->pol));
- init_uni_hdr(&r_q->hdr_name, len_name, len_name, 1);
+ init_uni_hdr(&r_q->hdr_name, len_name);
init_unistr2(&r_q->uni_name, key_name, len_name);
r_q->unknown_0 = 0x00000000;
u_2->unknown_2 = 0x00000000;
u_2->ptr_0 = 1;
- init_uni_hdr(&u_2->hdr_domain, len_domain, len_domain, 1);
- init_uni_hdr(&u_2->hdr_server, len_server, len_server, 1);
+ init_uni_hdr(&u_2->hdr_domain, len_domain);
+ init_uni_hdr(&u_2->hdr_server, len_server);
u_2->seq_num = 0x10000000;
u_2->unknown_3 = 0x00000000;
sam->acb_info = acb_info;
sam->pad = 0;
- init_uni_hdr(&sam->hdr_acct_name, len_sam_name, len_sam_name, len_sam_name != 0);
- init_uni_hdr(&sam->hdr_user_name, len_sam_full, len_sam_full, len_sam_full != 0);
- init_uni_hdr(&sam->hdr_user_desc, len_sam_desc, len_sam_desc, len_sam_desc != 0);
+ init_uni_hdr(&sam->hdr_acct_name, len_sam_name);
+ init_uni_hdr(&sam->hdr_user_name, len_sam_full);
+ init_uni_hdr(&sam->hdr_user_desc, len_sam_desc);
}
/*******************************************************************
sam->acb_info = acb_info;
sam->pad = 0;
- init_uni_hdr(&sam->hdr_srv_name, len_sam_name, len_sam_name, len_sam_name != 0);
- init_uni_hdr(&sam->hdr_srv_desc, len_sam_desc, len_sam_desc, len_sam_desc != 0);
+ init_uni_hdr(&sam->hdr_srv_name, len_sam_name);
+ init_uni_hdr(&sam->hdr_srv_desc, len_sam_desc);
}
/*******************************************************************
sam->rid_grp = rid_grp;
sam->attr = 0x07; /* group rid attributes - gets ignored by nt 4.0 */
- init_uni_hdr(&sam->hdr_grp_name, len_grp_name, len_grp_name, len_grp_name != 0);
- init_uni_hdr(&sam->hdr_grp_desc, len_grp_desc, len_grp_desc, len_grp_desc != 0);
+ init_uni_hdr(&sam->hdr_grp_name, len_grp_name);
+ init_uni_hdr(&sam->hdr_grp_desc, len_grp_desc);
}
/*******************************************************************
DEBUG(5,("init_sam_entry\n"));
sam->rid = rid;
- init_uni_hdr(&sam->hdr_name, len_sam_name, len_sam_name, len_sam_name != 0);
+ init_uni_hdr(&sam->hdr_name, len_sam_name);
}
/*******************************************************************
r_u->ptr = 1;
- init_uni_hdr(&r_u->alias.info3.hdr_acct_desc, acct_len,
- acct_len, acct_desc ? 1 : 0);
+ init_uni_hdr(&r_u->alias.info3.hdr_acct_desc, acct_len);
init_unistr2(&r_u->alias.info3.uni_acct_desc, acct_desc, acct_len);
break;
for (i = 0; i < num_aliases; i++) {
int als_len = als_name[i] != NULL ? strlen(als_name[i]) : 0;
- init_uni_hdr(&r_u->hdr_als_name[i], als_len, als_len, als_name[i] ? 1 : 0);
+ init_uni_hdr(&r_u->hdr_als_name[i], als_len);
init_unistr2(&r_u->uni_als_name[i], als_name[i], als_len);
r_u->num_als_usrs[i] = num_als_usrs[i];
}
memcpy(&usr->expiry,expiry, sizeof(usr->expiry)); /* expiry time or something? */
memset((char *)usr->padding_1, '\0', sizeof(usr->padding_1)); /* 0 - padding 24 bytes */
- init_uni_hdr(&usr->hdr_mach_acct, len_mach_acct, len_mach_acct, 4); /* unicode header for machine account */
+ init_uni_hdr(&usr->hdr_mach_acct, len_mach_acct); /* unicode header for machine account */
usr->padding_2 = 0; /* 0 - padding 4 bytes */
usr->ptr_1 = 1; /* pointer */
usr->pass_can_change_time = *pass_can_change_time;
usr->pass_must_change_time = *pass_must_change_time;
- init_uni_hdr(&usr->hdr_user_name, len_user_name, len_user_name, 1);
- init_uni_hdr(&usr->hdr_full_name, len_full_name, len_full_name, 1);
- init_uni_hdr(&usr->hdr_home_dir, len_home_dir, len_home_dir, 1);
- init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive, len_dir_drive, 1);
- init_uni_hdr(&usr->hdr_logon_script, len_logon_script, len_logon_script, 1);
- init_uni_hdr(&usr->hdr_profile_path, len_profile_path, len_profile_path, 1);
- init_uni_hdr(&usr->hdr_acct_desc, len_description, len_description, 1);
- init_uni_hdr(&usr->hdr_workstations, len_workstations, len_workstations, 1);
- init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str, len_unknown_str, 1);
- init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial, len_munged_dial, 1);
+ init_uni_hdr(&usr->hdr_user_name, len_user_name);
+ init_uni_hdr(&usr->hdr_full_name, len_full_name);
+ init_uni_hdr(&usr->hdr_home_dir, len_home_dir);
+ init_uni_hdr(&usr->hdr_dir_drive, len_dir_drive);
+ init_uni_hdr(&usr->hdr_logon_script, len_logon_script);
+ init_uni_hdr(&usr->hdr_profile_path, len_profile_path);
+ init_uni_hdr(&usr->hdr_acct_desc, len_description);
+ init_uni_hdr(&usr->hdr_workstations, len_workstations);
+ init_uni_hdr(&usr->hdr_unknown_str, len_unknown_str);
+ init_uni_hdr(&usr->hdr_munged_dial, len_munged_dial);
memset((char *)usr->nt_pwd, '\0', sizeof(usr->nt_pwd));
memset((char *)usr->lm_pwd, '\0', sizeof(usr->lm_pwd));
DEBUG(5,("init_q_unknown_38\n"));
q_u->ptr = 1;
- init_uni_hdr(&q_u->hdr_srv_name, len_srv_name, len_srv_name, len_srv_name != 0);
+ init_uni_hdr(&q_u->hdr_srv_name, len_srv_name);
init_unistr2(&q_u->uni_srv_name, srv_name, len_srv_name);
}
DEBUG(5,("init_samr_q_chgpasswd_user\n"));
q_u->ptr_0 = 1;
- init_uni_hdr(&q_u->hdr_dest_host, len_dest_host, len_dest_host, len_dest_host != 0);
+ init_uni_hdr(&q_u->hdr_dest_host, len_dest_host);
init_unistr2(&q_u->uni_dest_host, dest_host, len_dest_host);
- init_uni_hdr(&q_u->hdr_user_name, len_user_name, len_user_name, len_user_name != 0);
+ init_uni_hdr(&q_u->hdr_user_name, len_user_name);
init_unistr2(&q_u->uni_user_name, user_name, len_user_name);
init_enc_passwd(&q_u->nt_newpass, nt_newpass);
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
/***************************************************************************
-lsa_reply_open_policy2
+ lsa_reply_open_policy2
***************************************************************************/
-static void lsa_reply_open_policy2(prs_struct *rdata)
+
+static BOOL lsa_reply_open_policy2(prs_struct *rdata)
{
int i;
LSA_R_OPEN_POL2 r_o;
/* set up the LSA QUERY INFO response */
for (i = 4; i < POL_HND_SIZE; i++)
- {
r_o.pol.data[i] = i;
- }
r_o.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_open_pol2("", &r_o, rdata, 0);
+ if(!lsa_io_r_open_pol2("", &r_o, rdata, 0)) {
+ DEBUG(0,("lsa_reply_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
lsa_reply_open_policy
***************************************************************************/
-static void lsa_reply_open_policy(prs_struct *rdata)
+
+static BOOL lsa_reply_open_policy(prs_struct *rdata)
{
int i;
LSA_R_OPEN_POL r_o;
/* set up the LSA QUERY INFO response */
for (i = 4; i < POL_HND_SIZE; i++)
- {
r_o.pol.data[i] = i;
- }
r_o.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_open_pol("", &r_o, rdata, 0);
+ if(!lsa_io_r_open_pol("", &r_o, rdata, 0)) {
+ DEBUG(0,("lsa_reply_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-make_dom_query
+Init dom_query
***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
+
+static void init_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
+ fstring sid_str;
int domlen = strlen(dom_name);
d_q->uni_dom_max_len = domlen * 2;
d_q->uni_dom_str_len = domlen * 2;
- d_q->buffer_dom_name = 4; /* domain buffer pointer */
- d_q->buffer_dom_sid = 2; /* domain sid pointer */
+ d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
+ d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
/* this string is supposed to be character short */
- init_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
+ init_unistr2(&d_q->uni_domain_name, dom_name, domlen);
- init_dom_sid2(&(d_q->dom_sid), dom_sid);
+ sid_to_string(sid_str, dom_sid);
+ init_dom_sid2(&d_q->dom_sid, dom_sid);
}
/***************************************************************************
-lsa_reply_query_info
+ lsa_reply_enum_trust_dom
***************************************************************************/
+
static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
prs_struct *rdata,
uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
/***************************************************************************
lsa_reply_query_info
***************************************************************************/
-static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
+
+static BOOL lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
char *dom_name, DOM_SID *dom_sid)
{
LSA_R_QUERY_INFO r_q;
r_q.undoc_buffer = 0x22000000; /* bizarre */
r_q.info_class = q_q->info_class;
- make_dom_query(&r_q.dom.id5, dom_name, dom_sid);
+ init_dom_query(&r_q.dom.id5, dom_name, dom_sid);
r_q.status = 0x0;
/* store the response in the SMB stream */
- lsa_io_r_query("", &r_q, rdata, 0);
-}
+ if(!lsa_io_r_query("", &r_q, rdata, 0)) {
+ DEBUG(0,("lsa_reply_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
+ return False;
+ }
+ return True;
+}
/***************************************************************************
-make_dom_ref
- ***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, int num_domains,
- char **dom_names, DOM_SID **dom_sids)
-
+ init_dom_ref - adds a domain if it's not already in, returns the index.
+***************************************************************************/
+
+static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
{
- int i;
+ int num = 0;
+ int len;
+
+ if (dom_name != NULL) {
+ for (num = 0; num < ref->num_ref_doms_1; num++) {
+ fstring domname;
+ fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
+ if (strequal(domname, dom_name))
+ return num;
+ }
+ } else {
+ num = ref->num_ref_doms_1;
+ }
- if (num_domains > MAX_REF_DOMAINS)
- {
- num_domains = MAX_REF_DOMAINS;
+ if (num >= MAX_REF_DOMAINS) {
+ /* index not found, already at maximum domain limit */
+ return -1;
}
- ref->undoc_buffer = 1;
- ref->num_ref_doms_1 = num_domains;
- ref->undoc_buffer2 = 1;
+ ref->num_ref_doms_1 = num+1;
+ ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS;
- ref->num_ref_doms_2 = num_domains;
+ ref->num_ref_doms_2 = num+1;
- for (i = 0; i < num_domains; i++)
- {
- int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+ len = (dom_name != NULL) ? strlen(dom_name) : 0;
+ if(dom_name != NULL && len == 0)
+ len = 1;
- init_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
- ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+ init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len);
+ ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
- init_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
- init_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]);
- }
+ init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len);
+ init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
+ return num;
}
/***************************************************************************
-make_reply_lookup_rids
+ init_lsa_rid2s
***************************************************************************/
-static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
+ int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS],
+ uint32 *mapped_count)
{
int i;
+ int total = 0;
+ *mapped_count = 0;
- make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
+ SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
- r_l->num_entries = num_entries;
- r_l->undoc_buffer = 1;
- r_l->num_entries2 = num_entries;
+ for (i = 0; i < num_entries; i++) {
+ BOOL status = False;
+ DOM_SID dom_sid;
+ DOM_SID sid;
+ uint32 rid = 0xffffffff;
+ int dom_idx = -1;
+ pstring full_name;
+ fstring dom_name;
+ fstring user;
+ uint8 sid_name_use = SID_NAME_UNKNOWN;
- SMB_ASSERT_ARRAY(r_l->dom_rid, num_entries);
+ pstrcpy(full_name, unistr2_to_str(&name[i]));
- for (i = 0; i < num_entries; i++)
- {
- init_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
+ /*
+ * Try and split the name into a DOMAIN and
+ * user component.
+ */
+
+ split_domain_name(full_name, dom_name, user);
+
+ /*
+ * We only do anything with this name if we
+ * can map the Domain into a SID we know.
+ */
+
+ if (map_domain_name_to_sid(&dom_sid, dom_name)) {
+ dom_idx = init_dom_ref(ref, dom_name, &dom_sid);
+
+ if (lookup_local_name(dom_name, user, &sid, &sid_name_use) && sid_split_rid(&sid, &rid))
+ status = True;
+ }
+
+ if (status)
+ (*mapped_count)++;
+ else {
+ dom_idx = -1;
+ rid = 0xffffffff;
+ sid_name_use = SID_NAME_UNKNOWN;
+ }
+
+ init_dom_rid2(&rid2[total], rid, sid_name_use, dom_idx);
+ total++;
}
+}
- r_l->num_entries3 = num_entries;
+/***************************************************************************
+ init_reply_lookup_names
+ ***************************************************************************/
+
+static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
+ DOM_R_REF *ref, uint32 num_entries,
+ DOM_RID2 *rid2, uint32 mapped_count)
+{
+ r_l->ptr_dom_ref = 1;
+ r_l->dom_ref = ref;
+
+ r_l->num_entries = num_entries;
+ r_l->ptr_entries = 1;
+ r_l->num_entries2 = num_entries;
+ r_l->dom_rid = rid2;
+
+ r_l->mapped_count = mapped_count;
+
+ if (mapped_count == 0)
+ r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ else
+ r_l->status = 0x0;
}
/***************************************************************************
-make_lsa_trans_names
+ Init lsa_trans_names.
***************************************************************************/
-static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- uint32 *total)
+
+static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
+ int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count)
{
- uint32 status = 0x0;
+ extern DOM_SID global_sid_S_1_5_0x20; /* BUILTIN sid. */
int i;
- (*total) = 0;
+ int total = 0;
+ *mapped_count = 0;
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
- for (i = 0; i < num_entries; i++)
- {
+ for (i = 0; i < num_entries; i++) {
+ BOOL status = False;
+ DOM_SID find_sid = sid[i].sid;
+ DOM_SID tmp_sid = sid[i].sid;
uint32 rid = 0xffffffff;
- uint8 num_auths = sid[i].sid.num_auths;
+ int dom_idx = -1;
fstring name;
- uint32 type;
-
- SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
+ fstring dom_name;
+ uint8 sid_name_use = 0;
- /* find the rid to look up */
- if (num_auths != 0)
- {
- rid = sid[i].sid.sub_auths[num_auths-1];
+ memset(dom_name, '\0', sizeof(dom_name));
+ memset(name, '\0', sizeof(name));
- status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ /*
+ * First, check to see if the SID is one of the well
+ * known ones (this includes our own domain SID).
+ * Next, check if the domain prefix is one of the
+ * well known ones. If so and the domain prefix was
+ * either BUILTIN or our own global sid, then lookup
+ * the RID as a user or group id and translate to
+ * a name.
+ */
- status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
- status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
- status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
+ if (map_domain_sid_to_name(&find_sid, dom_name)) {
+ sid_name_use = SID_NAME_DOMAIN;
+ } else if (sid_split_rid(&find_sid, &rid) && map_domain_sid_to_name(&find_sid, dom_name)) {
+ if (sid_equal(&find_sid, &global_sam_sid) ||
+ sid_equal(&find_sid, &global_sid_S_1_5_0x20)) {
+ status = lookup_local_rid(rid, name, &sid_name_use);
+ } else {
+ status = lookup_known_rid(&find_sid, rid, name, &sid_name_use);
+ }
}
- if (status == 0x0)
- {
- init_lsa_trans_name(&(trn->name [(*total)]),
- &(trn->uni_name[(*total)]),
- type, name, (*total));
- (*total)++;
+ DEBUG(10,("init_lsa_trans_names: adding domain '%s' sid %s to referenced list.\n",
+ dom_name ));
+
+ dom_idx = init_dom_ref(ref, dom_name, &find_sid);
+
+ if(!status) {
+ slprintf(name, sizeof(name)-1, "unix.%08x", rid);
+ sid_name_use = SID_NAME_UNKNOWN;
}
+
+ DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name ));
+
+ (*mapped_count)++;
+
+ init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
+ sid_name_use, name, dom_idx);
+ total++;
}
- trn->num_entries = (*total);
+ trn->num_entries = total;
trn->ptr_trans_names = 1;
- trn->num_entries2 = (*total);
+ trn->num_entries2 = total;
}
/***************************************************************************
-make_reply_lookup_sids
+ Init_reply_lookup_sids.
***************************************************************************/
-static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
- DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
- uint32 mapped_count, uint32 status)
+
+static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
+ DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
+ uint32 mapped_count)
{
+ r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref;
r_l->names = names;
r_l->mapped_count = mapped_count;
- r_l->status = status;
+
+ if (mapped_count == 0)
+ r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ else
+ r_l->status = 0x0;
}
/***************************************************************************
lsa_reply_lookup_sids
***************************************************************************/
-static void lsa_reply_lookup_sids(prs_struct *rdata,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entries)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
ZERO_STRUCT(names);
/* set up the LSA Lookup SIDs response */
- make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
- make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
- make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
+ init_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
+ init_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
/* store the response in the SMB stream */
- lsa_io_r_lookup_sids("", &r_l, rdata, 0);
+ if(!lsa_io_r_lookup_sids("", &r_l, rdata, 0)) {
+ DEBUG(0,("lsa_reply_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-lsa_reply_lookup_rids
+lsa_reply_lookup_names
***************************************************************************/
-static void lsa_reply_lookup_rids(prs_struct *rdata,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+
+static BOOL lsa_reply_lookup_names(prs_struct *rdata,
+ UNISTR2 names[MAX_LOOKUP_SIDS], int num_entries)
{
- LSA_R_LOOKUP_RIDS r_l;
+ LSA_R_LOOKUP_NAMES r_l;
+ DOM_R_REF ref;
+ DOM_RID2 rids[MAX_LOOKUP_SIDS];
+ uint32 mapped_count = 0;
ZERO_STRUCT(r_l);
+ ZERO_STRUCT(ref);
+ ZERO_STRUCT(rids);
/* set up the LSA Lookup RIDs response */
- make_reply_lookup_rids(&r_l, num_entries, dom_rids,
- num_ref_doms, dom_names, dom_sids);
- r_l.status = 0x0;
+ init_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
+ init_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
/* store the response in the SMB stream */
- lsa_io_r_lookup_rids("", &r_l, rdata, 0);
+ if(!lsa_io_r_lookup_names("", &r_l, rdata, 0)) {
+ DEBUG(0,("lsa_reply_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
+ return False;
+ }
+
+ return True;
}
/***************************************************************************
-api_lsa_open_policy
+ api_lsa_open_policy2
***************************************************************************/
+
static BOOL api_lsa_open_policy2( uint16 vuid, prs_struct *data,
prs_struct *rdata )
{
ZERO_STRUCT(q_o);
/* grab the server, object attributes and desired access flag...*/
- lsa_io_q_open_pol2("", &q_o, data, 0);
+ if(!lsa_io_q_open_pol2("", &q_o, data, 0)) {
+ DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
+ return False;
+ }
/* lkclXXXX having decoded it, ignore all fields in the open policy! */
/* return a 20 byte policy handle */
- lsa_reply_open_policy2(rdata);
+ if(!lsa_reply_open_policy2(rdata))
+ return False;
return True;
}
ZERO_STRUCT(q_o);
/* grab the server, object attributes and desired access flag...*/
- lsa_io_q_open_pol("", &q_o, data, 0);
+ if(!lsa_io_q_open_pol("", &q_o, data, 0)) {
+ DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
+ return False;
+ }
/* lkclXXXX having decoded it, ignore all fields in the open policy! */
/* return a 20 byte policy handle */
- lsa_reply_open_policy(rdata);
+ if(!lsa_reply_open_policy(rdata))
+ return False;
return True;
}
prs_struct *rdata )
{
LSA_Q_QUERY_INFO q_i;
- pstring dom_name;
+ fstring name;
+ DOM_SID *sid = NULL;
+ memset(name, 0, sizeof(name));
ZERO_STRUCT(q_i);
/* grab the info class and policy handle */
- lsa_io_q_query("", &q_i, data, 0);
+ if(!lsa_io_q_query("", &q_i, data, 0)) {
+ DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
+ return False;
+ }
- pstrcpy(dom_name, lp_workgroup());
+ switch (q_i.info_class) {
+ case 0x03:
+ fstrcpy(name, global_myworkgroup);
+ sid = &global_sam_sid;
+ break;
+ case 0x05:
+ fstrcpy(name, global_myname);
+ sid = &global_sam_sid;
+ break;
+ default:
+ DEBUG(0,("api_lsa_query_info: unknown info level in Lsa Query: %d\n", q_i.info_class));
+ break;
+ }
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
+ if(!lsa_reply_query_info(&q_i, rdata, name, sid))
+ return False;
return True;
}
/***************************************************************************
-api_lsa_lookup_sids
+ api_lsa_lookup_sids
***************************************************************************/
-static BOOL api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
- prs_struct *rdata )
+
+static BOOL api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata )
{
LSA_Q_LOOKUP_SIDS q_l;
- pstring dom_name;
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
-
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
/* grab the info class and policy handle */
- lsa_io_q_lookup_sids("", &q_l, data, 0);
-
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
+ if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
+ DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
+ return False;
+ }
/* construct reply. return status is always 0x0 */
- lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- 4, dom_names, sid_array);
+ if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries))
+ return False;
return True;
}
/***************************************************************************
-api_lsa_lookup_names
+ api_lsa_lookup_names
***************************************************************************/
-static BOOL api_lsa_lookup_names( uint16 vuid, prs_struct *data,
- prs_struct *rdata )
-{
- int i;
- LSA_Q_LOOKUP_RIDS q_l;
- pstring dom_name;
- uint32 dom_rids[MAX_LOOKUP_SIDS];
- uint32 dummy_g_rid;
-
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
+static BOOL api_lsa_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rdata )
+{
+ LSA_Q_LOOKUP_NAMES q_l;
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
- ZERO_ARRAY(dom_rids);
/* grab the info class and policy handle */
- lsa_io_q_lookup_rids("", &q_l, data, 0);
-
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
-
- SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
-
- /* convert received RIDs to strings, so we can do them. */
- for (i = 0; i < q_l.num_entries; i++)
- {
- fstring user_name;
- fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
-
- /*
- * Map to the UNIX username.
- */
- map_username(user_name);
-
- /*
- * Do any case conversions.
- */
- (void)Get_Pwnam(user_name, True);
-
- if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
- {
- /* WHOOPS! we should really do something about this... */
- dom_rids[i] = 0;
- }
+ if(!lsa_io_q_lookup_names("", &q_l, data, 0)) {
+ DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
+ return False;
}
- /* construct reply. return status is always 0x0 */
- lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- 4, dom_names, sid_array);
+ SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
- return True;
+ return lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
}
/***************************************************************************
user_name_len = strlen(pwd->smb_name);
init_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
- init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
- user_name_len, 1);
+ init_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len);
pw_buf[(*num_entries)].user_rid = pwd->user_rid;
memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
static size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
{
extern DOM_SID global_sam_sid;
- static DOM_SID world_sid;
- static BOOL world_sid_initialized = False;
+ extern DOM_SID global_sid_World;
SMB_STRUCT_STAT sbuf;
SEC_ACE ace_list[3];
DOM_SID owner_sid;
DOM_SID group_sid;
size_t sec_desc_size;
SEC_ACL *psa = NULL;
-
+ SEC_ACCESS owner_access;
+ SEC_ACCESS group_access;
+ SEC_ACCESS other_access;
+ int num_acls = 0;
+
*ppdesc = NULL;
- if(!world_sid_initialized) {
- world_sid_initialized = True;
- string_to_sid( &world_sid, "S-1-1-0");
- }
-
if(!lp_nt_acl_support()) {
- sid_copy( &owner_sid, &world_sid);
- sid_copy( &group_sid, &world_sid);
+ sid_copy( &owner_sid, &global_sid_World);
+ sid_copy( &group_sid, &global_sid_World);
} else {
if(fsp->is_directory) {
* Create the generic 3 element UNIX acl.
*/
- init_sec_ace(&ace_list[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
- map_unix_perms(sbuf.st_mode, S_IRUSR, S_IWUSR, S_IXUSR, fsp->is_directory), 0);
- init_sec_ace(&ace_list[1], &group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
- map_unix_perms(sbuf.st_mode, S_IRGRP, S_IWGRP, S_IXGRP, fsp->is_directory), 0);
- init_sec_ace(&ace_list[2], &world_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
- map_unix_perms(sbuf.st_mode, S_IROTH, S_IWOTH, S_IXOTH, fsp->is_directory), 0);
+ owner_access = map_unix_perms(sbuf.st_mode, S_IRUSR, S_IWUSR, S_IXUSR, fsp->is_directory);
+ group_access = map_unix_perms(sbuf.st_mode, S_IRGRP, S_IWGRP, S_IXGRP, fsp->is_directory);
+ other_access = map_unix_perms(sbuf.st_mode, S_IROTH, S_IWOTH, S_IXOTH, fsp->is_directory);
- if((psa = make_sec_acl( 3, 3, ace_list)) == NULL) {
- DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
- return 0;
- }
+ if(owner_access.mask)
+ init_sec_ace(&ace_list[num_acls++], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ owner_access, 0);
+
+ if(group_access.mask)
+ init_sec_ace(&ace_list[num_acls++], &group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ group_access, 0);
+
+ if(other_access.mask)
+ init_sec_ace(&ace_list[num_acls++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ other_access, 0);
+
+ if(num_acls)
+ if((psa = make_sec_acl( 3, num_acls, ace_list)) == NULL) {
+ DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
+ return 0;
+ }
}
*ppdesc = make_standard_sec_desc( &owner_sid, &group_sid, psa, &sec_desc_size);
#if 0 /* Old code. JRA. */
SIVAL(pdata,0,0x4006); /* FS ATTRIBUTES == long filenames supported? */
#endif /* Old code. */
+
SIVAL(pdata,4,128); /* Max filename component length */
SIVAL(pdata,8,2*strlen(fstype));
PutUniCode(pdata+12,fstype);
git.samba.org / samba.git / commitdiff