Jeremy.
} NET_USER_INFO_2;
#endif
+/* NET_USER_INFO_2 */
+typedef struct net_user_info_2 {
+ uint32 ptr_user_info;
+
+ NTTIME logon_time; /* logon time */
+ NTTIME logoff_time; /* logoff time */
+ NTTIME kickoff_time; /* kickoff time */
+ NTTIME pass_last_set_time; /* password last set time */
+ NTTIME pass_can_change_time; /* password can change time */
+ NTTIME pass_must_change_time; /* password must change time */
+
+ UNIHDR hdr_user_name; /* username unicode string header */
+ UNIHDR hdr_full_name; /* user's full name unicode string header */
+ UNIHDR hdr_logon_script; /* logon script unicode string header */
+ UNIHDR hdr_profile_path; /* profile path unicode string header */
+ UNIHDR hdr_home_dir; /* home directory unicode string header */
+ UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
+
+ uint16 logon_count; /* logon count */
+ uint16 bad_pw_count; /* bad password count */
+
+ uint32 user_rid; /* User RID */
+ uint32 group_rid; /* Group RID */
+
+ uint32 num_groups; /* num groups */
+ uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+ uint32 user_flgs; /* user flags */
+
+ uint8 user_sess_key[16]; /* user session key */
+
+ UNIHDR hdr_logon_srv; /* logon server unicode string header */
+ UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+ uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+ uint8 lm_sess_key[8]; /* lm session key */
+ uint32 acct_flags; /* account flags */
+ uint32 unknown[7]; /* unknown */
+
+ UNISTR2 uni_user_name; /* username unicode string */
+ UNISTR2 uni_full_name; /* user's full name unicode string */
+ UNISTR2 uni_logon_script; /* logon script unicode string */
+ UNISTR2 uni_profile_path; /* profile path unicode string */
+ UNISTR2 uni_home_dir; /* home directory unicode string */
+ UNISTR2 uni_dir_drive; /* home directory drive unicode string */
+
+ UNISTR2 uni_logon_srv; /* logon server unicode string */
+ UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+ DOM_SID2 dom_sid; /* domain SID */
+} NET_USER_INFO_2;
+
/* NET_USER_INFO_3 */
typedef struct net_user_info_3 {
uint32 ptr_user_info;
{
NET_ID_INFO_CTR *ctr = *pp_ctr;
- prs_debug(ps, depth, desc, "smb_io_sam_info");
+ prs_debug(ps, depth, desc, "smb_io_sam_info_ctr");
depth++;
if (UNMARSHALLING(ps)) {
break;
default:
/* PANIC! */
- DEBUG(4,("smb_io_sam_info: unknown switch_value!\n"));
+ DEBUG(4,("smb_io_sam_info_ctr: unknown switch_value!\n"));
break;
}
if(!prs_uint32("ptr_rtn_cred ", ps, depth, &sam->ptr_rtn_cred))
return False;
- if(!smb_io_cred("", &sam->rtn_cred, ps, depth))
- return False;
+ if (sam->ptr_rtn_cred) {
+ if(!smb_io_cred("", &sam->rtn_cred, ps, depth))
+ return False;
+ }
if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level))
return False;
if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */
return False;
- if (usr->buffer_other_sids) {
+ if (validation_level == 3 && usr->buffer_other_sids) {
uint32 num_other_sids = usr->num_other_sids;
if(!prs_align_uint16(ps))
return False;
-
+
if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level))
return False;
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- if(!net_io_q_sam_logon("", &q_u, data, 0)) {
- DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
- return False;
- }
+ if(!net_io_q_sam_logon("", &q_u, data, 0)) {
+ DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
+ return False;
+ }
r_u.status = _net_sam_logon(p, &q_u, &r_u);
DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
- return NT_STATUS_ACCESS_DENIED;
+ return NT_STATUS_INVALID_PARAMETER;
}
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
- return NT_STATUS_ACCESS_DENIED;
+ return NT_STATUS_INVALID_PARAMETER;
}
r_u->status = NT_STATUS_OK;
/* store the user information, if there is any. */
r_u->user = usr_info;
- r_u->switch_value = 0; /* indicates no info */
r_u->auth_resp = 1; /* authoritative response */
- r_u->switch_value = 3; /* indicates type of validation user info */
+ if (q_u->validation_level != 2 && q_u->validation_level != 3) {
+ DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level ));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ /* We handle the return of USER_INFO_2 instead of 3 in the parse return. Sucks, I know... */
+ r_u->switch_value = q_u->validation_level; /* indicates type of validation user info */
r_u->buffer_creds = 1; /* Ensure we always return server creds. */
if (!get_valid_user_struct(p->vuid))
DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
- return NT_STATUS_ACCESS_DENIED;
+ return NT_STATUS_INVALID_PARAMETER;
}
/* find the username */
was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
+ if (des_access == MAXIMUM_ALLOWED_ACCESS) {
+ /* Map to max possible knowing we're filtered below. */
+ des_access = GENERIC_ALL_ACCESS;
+ }
+
se_map_generic( &des_access, &sam_generic_mapping );
info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN);