[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-2108-g53dc913
Günther Deschner
gd at samba.org
Tue Feb 12 13:56:32 GMT 2008
The branch, v3-2-test has been updated
via 53dc913b2d01aeea2a7490c5ef1292e6c6eff5e7 (commit)
via e1bcb7d82f22810e342a18aacbcfe49c3902bcb4 (commit)
from 8ee7dfad2e3a40e378398ea20158d3c7e7168cba (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 53dc913b2d01aeea2a7490c5ef1292e6c6eff5e7
Author: Günther Deschner <gd at samba.org>
Date: Tue Feb 12 12:58:47 2008 +0100
Use pidl for _samr_QueryUserInfo.
Guenther
commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4
Author: Günther Deschner <gd at samba.org>
Date: Tue Feb 12 14:26:56 2008 +0100
Add get_logon_hours_from_pdb() (inspired by samba4).
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/passdb/passdb.c | 23 +++
source/rpc_client/init_samr.c | 125 ++++++++++++++
source/rpc_server/srv_samr.c | 23 +---
source/rpc_server/srv_samr_nt.c | 341 ++++++++++++++++++++++++++++-----------
4 files changed, 396 insertions(+), 116 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index b6a4126..70b9dcd 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -1616,3 +1616,26 @@ bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
return False;
}
+struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx,
+ struct samu *pw)
+{
+ struct samr_LogonHours hours;
+ const int units_per_week = 168;
+
+ ZERO_STRUCT(hours);
+ hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
+ if (!hours.bits) {
+ return hours;
+ }
+
+ hours.units_per_week = units_per_week;
+ memset(hours.bits, 0xFF, units_per_week);
+
+ if (pdb_get_hours(pw)) {
+ memcpy(hours.bits, pdb_get_hours(pw),
+ MIN(pdb_get_hours_len(pw), units_per_week));
+ }
+
+ return hours;
+}
+
diff --git a/source/rpc_client/init_samr.c b/source/rpc_client/init_samr.c
index db8f4aa..a61ddb5 100644
--- a/source/rpc_client/init_samr.c
+++ b/source/rpc_client/init_samr.c
@@ -260,3 +260,128 @@ void init_samr_alias_info3(struct lsa_String *r,
init_lsa_String(r, description);
}
+/*******************************************************************
+ inits a samr_UserInfo7 structure.
+********************************************************************/
+
+void init_samr_user_info7(struct samr_UserInfo7 *r,
+ const char *account_name)
+{
+ DEBUG(5, ("init_samr_user_info7\n"));
+
+ init_lsa_String(&r->account_name, account_name);
+}
+
+/*******************************************************************
+ inits a samr_UserInfo9 structure.
+********************************************************************/
+
+void init_samr_user_info9(struct samr_UserInfo9 *r,
+ uint32_t primary_gid)
+{
+ DEBUG(5, ("init_samr_user_info9\n"));
+
+ r->primary_gid = primary_gid;
+}
+
+/*******************************************************************
+ inits a SAM_USER_INFO_16 structure.
+********************************************************************/
+
+void init_samr_user_info16(struct samr_UserInfo16 *r,
+ uint32_t acct_flags)
+{
+ DEBUG(5, ("init_samr_user_info16\n"));
+
+ r->acct_flags = acct_flags;
+}
+
+/*******************************************************************
+ inits a samr_UserInfo18 structure.
+********************************************************************/
+
+void init_samr_user_info18(struct samr_UserInfo18 *r,
+ const uint8 lm_pwd[16],
+ const uint8 nt_pwd[16])
+{
+ DEBUG(5, ("init_samr_user_info18\n"));
+
+ r->lm_pwd_active =
+ memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false;
+ r->nt_pwd_active =
+ memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false;
+}
+
+/*******************************************************************
+ inits a samr_UserInfo20 structure.
+********************************************************************/
+
+void init_samr_user_info20(struct samr_UserInfo20 *r,
+ const char *munged_dial)
+{
+ init_lsa_String(&r->parameters, munged_dial);
+}
+
+/*************************************************************************
+ inits a samr_UserInfo21 structure
+ *************************************************************************/
+
+void init_samr_user_info21(struct samr_UserInfo21 *r,
+ NTTIME last_logon,
+ NTTIME last_logoff,
+ NTTIME last_password_change,
+ NTTIME acct_expiry,
+ NTTIME allow_password_change,
+ NTTIME force_password_change,
+ const char *account_name,
+ const char *full_name,
+ const char *home_directory,
+ const char *home_drive,
+ const char *logon_script,
+ const char *profile_path,
+ const char *description,
+ const char *workstations,
+ const char *comment,
+ const char *parameters,
+ uint32_t rid,
+ uint32_t primary_gid,
+ uint32_t acct_flags,
+ uint32_t fields_present,
+ struct samr_LogonHours logon_hours,
+ uint16_t bad_password_count,
+ uint16_t logon_count,
+ uint16_t country_code,
+ uint16_t code_page,
+ uint8_t nt_password_set,
+ uint8_t lm_password_set,
+ uint8_t password_expired)
+{
+ r->last_logon = last_logon;
+ r->last_logoff = last_logoff;
+ r->last_password_change = last_password_change;
+ r->acct_expiry = acct_expiry;
+ r->allow_password_change = allow_password_change;
+ r->force_password_change = force_password_change;
+ init_lsa_String(&r->account_name, account_name);
+ init_lsa_String(&r->full_name, full_name);
+ init_lsa_String(&r->home_directory, home_directory);
+ init_lsa_String(&r->home_drive, home_drive);
+ init_lsa_String(&r->logon_script, logon_script);
+ init_lsa_String(&r->profile_path, profile_path);
+ init_lsa_String(&r->description, description);
+ init_lsa_String(&r->workstations, workstations);
+ init_lsa_String(&r->comment, comment);
+ init_lsa_String(&r->parameters, parameters);
+ r->rid = rid;
+ r->primary_gid = primary_gid;
+ r->acct_flags = acct_flags;
+ r->fields_present = fields_present;
+ r->logon_hours = logon_hours;
+ r->bad_password_count = bad_password_count;
+ r->logon_count = logon_count;
+ r->country_code = country_code;
+ r->code_page = code_page;
+ r->nt_password_set = nt_password_set;
+ r->lm_password_set = lm_password_set;
+ r->password_expired = password_expired;
+}
diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c
index d25ca3a..f7cc7ee 100644
--- a/source/rpc_server/srv_samr.c
+++ b/source/rpc_server/srv_samr.c
@@ -188,28 +188,7 @@ static bool api_samr_open_user(pipes_struct *p)
static bool api_samr_query_userinfo(pipes_struct *p)
{
- SAMR_Q_QUERY_USERINFO q_u;
- SAMR_R_QUERY_USERINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
- DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_userinfo(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n"));
- return False;
- }
-
- return True;
+ return proxy_samr_call(p, NDR_SAMR_QUERYUSERINFO);
}
/*******************************************************************
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 412aa9d..ac10754 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2129,10 +2129,15 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
get_user_info_7. Safe. Only gives out account_name.
*************************************************************************/
-static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
+static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo7 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ const char *account_name = NULL;
+
+ ZERO_STRUCTP(r);
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
@@ -2147,12 +2152,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
return NT_STATUS_NO_SUCH_USER;
}
- DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+ account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass));
+ if (!account_name) {
+ TALLOC_FREE(smbpass);
+ return NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(smbpass);
- ZERO_STRUCTP(id7);
- init_sam_user_info7(id7, pdb_get_username(smbpass) );
+ DEBUG(3,("User:[%s]\n", account_name));
- TALLOC_FREE(smbpass);
+ init_samr_user_info7(r, account_name);
return NT_STATUS_OK;
}
@@ -2160,11 +2169,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
/*************************************************************************
get_user_info_9. Only gives out primary group SID.
*************************************************************************/
-static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
+
+static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo9 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -2175,13 +2189,13 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
if (ret==False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(smbpass);
return NT_STATUS_NO_SUCH_USER;
}
DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
- ZERO_STRUCTP(id9);
- init_sam_user_info9(id9, pdb_get_group_rid(smbpass) );
+ init_samr_user_info9(r, pdb_get_group_rid(smbpass));
TALLOC_FREE(smbpass);
@@ -2192,11 +2206,15 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
get_user_info_16. Safe. Only gives out acb bits.
*************************************************************************/
-static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
+static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo16 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -2207,13 +2225,13 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
if (ret==False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(smbpass);
return NT_STATUS_NO_SUCH_USER;
}
DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
- ZERO_STRUCTP(id16);
- init_sam_user_info16(id16, pdb_get_acct_ctrl(smbpass) );
+ init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass));
TALLOC_FREE(smbpass);
@@ -2226,11 +2244,16 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
user. JRA.
*************************************************************************/
-static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
+static NTSTATUS get_user_info_18(pipes_struct *p,
+ TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo18 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -2262,8 +2285,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
return NT_STATUS_ACCOUNT_DISABLED;
}
- ZERO_STRUCTP(id18);
- init_sam_user_info18(id18, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
+ init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
+ pdb_get_nt_passwd(smbpass));
TALLOC_FREE(smbpass);
@@ -2274,10 +2297,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
get_user_info_20
*************************************************************************/
-static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
+static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo20 *r,
+ DOM_SID *user_sid)
{
struct samu *sampass=NULL;
bool ret;
+ const char *munged_dial = NULL;
+ const char *munged_dial_decoded = NULL;
+ DATA_BLOB blob;
+
+ ZERO_STRUCTP(r);
if ( !(sampass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
@@ -2289,72 +2319,219 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO
if (ret == False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(sampass);
return NT_STATUS_NO_SUCH_USER;
}
+ munged_dial = pdb_get_munged_dial(sampass);
+
samr_clear_sam_passwd(sampass);
DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
- ZERO_STRUCTP(id20);
- init_sam_user_info20A(id20, sampass);
+ if (munged_dial) {
+ blob = base64_decode_data_blob(munged_dial);
+ munged_dial_decoded = talloc_strndup(mem_ctx,
+ (const char *)blob.data,
+ blob.length);
+ data_blob_free(&blob);
+ if (!munged_dial_decoded) {
+ TALLOC_FREE(sampass);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+#if 0
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
+ init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ data_blob_free(&blob);
+#endif
+ init_samr_user_info20(r, munged_dial_decoded);
TALLOC_FREE(sampass);
return NT_STATUS_OK;
}
+
/*************************************************************************
get_user_info_21
*************************************************************************/
-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
- DOM_SID *user_sid, DOM_SID *domain_sid)
+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo21 *r,
+ DOM_SID *user_sid,
+ DOM_SID *domain_sid)
{
- struct samu *sampass=NULL;
+ struct samu *pw = NULL;
bool ret;
- NTSTATUS nt_status;
-
- if ( !(sampass = samu_new( mem_ctx )) ) {
+ const DOM_SID *sid_user, *sid_group;
+ uint32_t rid, primary_gid;
+ NTTIME last_logon, last_logoff, last_password_change,
+ acct_expiry, allow_password_change, force_password_change;
+ time_t must_change_time;
+ uint8_t password_expired;
+ const char *account_name, *full_name, *home_directory, *home_drive,
+ *logon_script, *profile_path, *description,
+ *workstations, *comment, *parameters;
+ struct samr_LogonHours logon_hours;
+ const char *munged_dial = NULL;
+ DATA_BLOB blob;
+
+ ZERO_STRUCTP(r);
+
+ if (!(pw = samu_new(mem_ctx))) {
return NT_STATUS_NO_MEMORY;
}
become_root();
- ret = pdb_getsampwsid(sampass, user_sid);
+ ret = pdb_getsampwsid(pw, user_sid);
unbecome_root();
if (ret == False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(pw);
return NT_STATUS_NO_SUCH_USER;
}
- samr_clear_sam_passwd(sampass);
+ samr_clear_sam_passwd(pw);
- DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(pw)));
- ZERO_STRUCTP(id21);
- nt_status = init_sam_user_info21A(id21, sampass, domain_sid);
+ sid_user = pdb_get_user_sid(pw);
- TALLOC_FREE(sampass);
+ if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
+ DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_user),
+ sid_string_dbg(domain_sid)));
+ TALLOC_FREE(pw);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
- return nt_status;
+ become_root();
+ sid_group = pdb_get_group_sid(pw);
+ unbecome_root();
+
+ if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+ DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
+ "which conflicts with the domain sid %s. Failing operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_group),
+ sid_string_dbg(domain_sid)));
+ TALLOC_FREE(pw);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ unix_to_nt_time(&last_logon, pdb_get_logon_time(pw));
+ unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw));
+ unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw));
+ unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw));
+
+ must_change_time = pdb_get_pass_must_change_time(pw);
+ if (must_change_time == get_time_t_max()) {
+ unix_to_nt_time_abs(&force_password_change, must_change_time);
+ } else {
+ unix_to_nt_time(&force_password_change, must_change_time);
+ }
+
+ if (pdb_get_pass_must_change_time(pw) == 0) {
+ password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
+ } else {
+ password_expired = 0;
+ }
+
+ munged_dial = pdb_get_munged_dial(pw);
+ if (munged_dial) {
+ blob = base64_decode_data_blob(munged_dial);
+ parameters = talloc_strndup(mem_ctx, (const char *)blob.data, blob.length);
--
Samba Shared Repository
More information about the samba-cvs
mailing list