The branch, master has been updated
via 6aca5fca8dd73ff33cfac5000480520def04e7fa (commit)
via b96fdae1f414bacd301a756d267497341e71738d (commit)
via f05d888d7ab910b3ed39e4d36eeb52cb86bd990e (commit)
via f93f713898f2208fda51f24121b060ee09f5fe3a (commit)
via b0df0e8cc76e67a977129aca8b254fe38de85ebd (commit)
from f238809d236443b8968e1b4b197a55935c7c7e85 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6aca5fca8dd73ff33cfac5000480520def04e7fa
Author: Günther Deschner <[email protected]>
Date: Thu May 7 18:42:28 2009 +0200
s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported.
This is to get us closer to pass RPC-SAMR-USERS.
Guenther
commit b96fdae1f414bacd301a756d267497341e71738d
Author: Günther Deschner <[email protected]>
Date: Thu May 7 18:40:39 2009 +0200
s3-samr: Do not return users in _samr_QueryDisplayInfo() for builtin domain.
Found by torture test.
Guenther
commit f05d888d7ab910b3ed39e4d36eeb52cb86bd990e
Author: Günther Deschner <[email protected]>
Date: Thu May 7 21:45:51 2009 +0200
s3-samr: let set_user_info_16 and 20 follow the same pattern as all other
levels.
Guenther
commit f93f713898f2208fda51f24121b060ee09f5fe3a
Author: Günther Deschner <[email protected]>
Date: Thu May 7 17:06:26 2009 +0200
s3-samr: support some more info levels in samr_SetUserInfo calls.
Guenther
commit b0df0e8cc76e67a977129aca8b254fe38de85ebd
Author: Günther Deschner <[email protected]>
Date: Thu May 7 17:05:49 2009 +0200
s3-samr: support some more info levels in samr_QueryUser calls.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 22 ++
source3/rpc_server/srv_samr_nt.c | 544 ++++++++++++++++++++++++++++++++++--
source3/rpc_server/srv_samr_util.c | 239 ++++++++++++++++
3 files changed, 777 insertions(+), 28 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index eaaca56..3c14fb5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5817,6 +5817,28 @@ NTSTATUS np_read_recv(struct tevent_req *req, ssize_t
*nread,
/* The following definitions come from rpc_server/srv_samr_util.c */
+void copy_id2_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo2 *from);
+void copy_id4_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo4 *from);
+void copy_id6_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo6 *from);
+void copy_id8_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo8 *from);
+void copy_id10_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo10 *from);
+void copy_id11_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo11 *from);
+void copy_id12_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo12 *from);
+void copy_id13_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo13 *from);
+void copy_id14_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo14 *from);
+void copy_id16_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo16 *from);
+void copy_id17_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo17 *from);
void copy_id18_to_sam_passwd(struct samu *to,
struct samr_UserInfo18 *from);
void copy_id20_to_sam_passwd(struct samu *to,
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 677b593..e656e6c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1397,6 +1397,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
return status;
}
+ if (sid_check_is_builtin(&dinfo->sid)) {
+ DEBUG(5,("_samr_QueryDisplayInfo: no users in BUILTIN\n"));
+ return NT_STATUS_OK;
+ }
+
/*
* calculate how many entries we will return.
* based on
@@ -2124,6 +2129,130 @@ static NTSTATUS init_samr_parameters_string(TALLOC_CTX
*mem_ctx,
return NT_STATUS_OK;
}
+/*************************************************************************
+ get_user_info_1.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_1(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo1 *r,
+ struct samu *pw,
+ DOM_SID *domain_sid)
+{
+ const DOM_SID *sid_group;
+ uint32_t primary_gid;
+
+ become_root();
+ sid_group = pdb_get_group_sid(pw);
+ unbecome_root();
+
+ if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+ DEBUG(0, ("get_user_info_1: User %s has Primary Group SID %s,
\n"
+ "which conflicts with the domain sid %s. Failing
operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_group),
+ sid_string_dbg(domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ r->account_name.string = talloc_strdup(mem_ctx,
pdb_get_username(pw));
+ r->full_name.string = talloc_strdup(mem_ctx,
pdb_get_fullname(pw));
+ r->primary_gid = primary_gid;
+ r->description.string = talloc_strdup(mem_ctx,
pdb_get_acct_desc(pw));
+ r->comment.string = talloc_strdup(mem_ctx,
pdb_get_comment(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_2.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_2(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo2 *r,
+ struct samu *pw)
+{
+ r->comment.string = talloc_strdup(mem_ctx,
pdb_get_comment(pw));
+ r->unknown.string = NULL;
+ r->country_code = 0;
+ r->code_page = 0;
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_3.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_3(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo3 *r,
+ struct samu *pw,
+ DOM_SID *domain_sid)
+{
+ const DOM_SID *sid_user, *sid_group;
+ uint32_t rid, primary_gid;
+
+ sid_user = pdb_get_user_sid(pw);
+
+ if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
+ DEBUG(0, ("get_user_info_3: User %s has SID %s, \nwhich
conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_user),
+ sid_string_dbg(domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ become_root();
+ sid_group = pdb_get_group_sid(pw);
+ unbecome_root();
+
+ if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+ DEBUG(0, ("get_user_info_3: User %s has Primary Group SID %s,
\n"
+ "which conflicts with the domain sid %s. Failing
operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_group),
+ sid_string_dbg(domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ unix_to_nt_time(&r->last_logon, pdb_get_logon_time(pw));
+ unix_to_nt_time(&r->last_logoff, pdb_get_logoff_time(pw));
+ unix_to_nt_time(&r->last_password_change,
pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time(&r->allow_password_change,
pdb_get_pass_can_change_time(pw));
+ unix_to_nt_time(&r->force_password_change,
pdb_get_pass_must_change_time(pw));
+
+ r->account_name.string = talloc_strdup(mem_ctx, pdb_get_username(pw));
+ r->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+ r->home_directory.string= talloc_strdup(mem_ctx, pdb_get_homedir(pw));
+ r->home_drive.string = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
+ r->logon_script.string = talloc_strdup(mem_ctx,
pdb_get_logon_script(pw));
+ r->profile_path.string = talloc_strdup(mem_ctx,
pdb_get_profile_path(pw));
+ r->workstations.string = talloc_strdup(mem_ctx,
pdb_get_workstations(pw));
+
+ r->logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
+ r->rid = rid;
+ r->primary_gid = primary_gid;
+ r->acct_flags = pdb_get_acct_ctrl(pw);
+ r->bad_password_count = pdb_get_bad_password_count(pw);
+ r->logon_count = pdb_get_logon_count(pw);
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_4.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_4(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo4 *r,
+ struct samu *pw)
+{
+ r->logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_5.
+ *************************************************************************/
+
static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx,
struct samr_UserInfo5 *r,
struct samu *pw,
@@ -2179,6 +2308,20 @@ static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx,
}
/*************************************************************************
+ get_user_info_6.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_6(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo6 *r,
+ struct samu *pw)
+{
+ r->account_name.string = talloc_strdup(mem_ctx, pdb_get_username(pw));
+ r->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
get_user_info_7. Safe. Only gives out account_name.
*************************************************************************/
@@ -2195,6 +2338,19 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
}
/*************************************************************************
+ get_user_info_8.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_8(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo8 *r,
+ struct samu *pw)
+{
+ r->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
get_user_info_9. Only gives out primary group SID.
*************************************************************************/
@@ -2208,6 +2364,72 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
}
/*************************************************************************
+ get_user_info_10.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_10(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo10 *r,
+ struct samu *pw)
+{
+ r->home_directory.string= talloc_strdup(mem_ctx, pdb_get_homedir(pw));
+ r->home_drive.string = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_11.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_11(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo11 *r,
+ struct samu *pw)
+{
+ r->logon_script.string = talloc_strdup(mem_ctx,
pdb_get_logon_script(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_12.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_12(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo12 *r,
+ struct samu *pw)
+{
+ r->profile_path.string = talloc_strdup(mem_ctx,
pdb_get_profile_path(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_13.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_13(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo13 *r,
+ struct samu *pw)
+{
+ r->description.string = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
+ get_user_info_14.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_14(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo14 *r,
+ struct samu *pw)
+{
+ r->workstations.string = talloc_strdup(mem_ctx,
pdb_get_workstations(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
get_user_info_16. Safe. Only gives out acb bits.
*************************************************************************/
@@ -2221,6 +2443,19 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
}
/*************************************************************************
+ get_user_info_17.
+ *************************************************************************/
+
+static NTSTATUS get_user_info_17(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo17 *r,
+ struct samu *pw)
+{
+ unix_to_nt_time(&r->acct_expiry, pdb_get_kickoff_time(pw));
+
+ return NT_STATUS_OK;
+}
+
+/*************************************************************************
get_user_info_18. OK - this is the killer as it gives out password info.
Ensure that this is only allowed on an encrypted connection with a root
user. JRA.
@@ -2487,18 +2722,54 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
samr_clear_sam_passwd(pwd);
switch (r->in.level) {
+ case 1:
+ status = get_user_info_1(p->mem_ctx, &user_info->info1, pwd,
&domain_sid);
+ break;
+ case 2:
+ status = get_user_info_2(p->mem_ctx, &user_info->info2, pwd);
+ break;
+ case 3:
+ status = get_user_info_3(p->mem_ctx, &user_info->info3, pwd,
&domain_sid);
+ break;
+ case 4:
+ status = get_user_info_4(p->mem_ctx, &user_info->info4, pwd);
+ break;
case 5:
status = get_user_info_5(p->mem_ctx, &user_info->info5, pwd,
&domain_sid);
break;
+ case 6:
+ status = get_user_info_6(p->mem_ctx, &user_info->info6, pwd);
+ break;
case 7:
status = get_user_info_7(p->mem_ctx, &user_info->info7, pwd);
break;
+ case 8:
+ status = get_user_info_8(p->mem_ctx, &user_info->info8, pwd);
+ break;
case 9:
status = get_user_info_9(p->mem_ctx, &user_info->info9, pwd);
break;
+ case 10:
+ status = get_user_info_10(p->mem_ctx, &user_info->info10, pwd);
+ break;
+ case 11:
+ status = get_user_info_11(p->mem_ctx, &user_info->info11, pwd);
+ break;
+ case 12:
+ status = get_user_info_12(p->mem_ctx, &user_info->info12, pwd);
+ break;
+ case 13:
+ status = get_user_info_13(p->mem_ctx, &user_info->info13, pwd);
+ break;
+ case 14:
+ status = get_user_info_14(p->mem_ctx, &user_info->info14, pwd);
+ break;
case 16:
status = get_user_info_16(p->mem_ctx, &user_info->info16, pwd);
break;
+ case 17:
+ status = get_user_info_17(p->mem_ctx, &user_info->info17, pwd);
+ break;
case 18:
/* level 18 is special */
status = get_user_info_18(p, p->mem_ctx, &user_info->info18,
@@ -3407,6 +3678,60 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
}
/*******************************************************************
+ set_user_info_2
+ ********************************************************************/
+
+static NTSTATUS set_user_info_2(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo2 *id2,
+ struct samu *pwd)
+{
+ if (id2 == NULL) {
+ DEBUG(5,("set_user_info_2: NULL id2\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id2_to_sam_passwd(pwd, id2);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
+ set_user_info_4
+ ********************************************************************/
+
+static NTSTATUS set_user_info_4(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo4 *id4,
+ struct samu *pwd)
+{
+ if (id4 == NULL) {
+ DEBUG(5,("set_user_info_2: NULL id4\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id4_to_sam_passwd(pwd, id4);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
+ set_user_info_6
+ ********************************************************************/
+
+static NTSTATUS set_user_info_6(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo6 *id6,
+ struct samu *pwd)
+{
+ if (id6 == NULL) {
+ DEBUG(5,("set_user_info_6: NULL id6\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id6_to_sam_passwd(pwd, id6);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
set_user_info_7
********************************************************************/
@@ -3446,27 +3771,147 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
}
/*******************************************************************
+ set_user_info_8
+ ********************************************************************/
+
+static NTSTATUS set_user_info_8(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo8 *id8,
+ struct samu *pwd)
+{
+ if (id8 == NULL) {
+ DEBUG(5,("set_user_info_8: NULL id8\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id8_to_sam_passwd(pwd, id8);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
+ set_user_info_10
+ ********************************************************************/
+
+static NTSTATUS set_user_info_10(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo10 *id10,
+ struct samu *pwd)
+{
+ if (id10 == NULL) {
+ DEBUG(5,("set_user_info_8: NULL id10\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id10_to_sam_passwd(pwd, id10);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
+ set_user_info_11
+ ********************************************************************/
+
+static NTSTATUS set_user_info_11(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo11 *id11,
+ struct samu *pwd)
+{
+ if (id11 == NULL) {
+ DEBUG(5,("set_user_info_11: NULL id11\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ copy_id11_to_sam_passwd(pwd, id11);
+
+ return pdb_update_sam_account(pwd);
+}
+
+/*******************************************************************
+ set_user_info_12
+ ********************************************************************/
+
+static NTSTATUS set_user_info_12(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo12 *id12,
+ struct samu *pwd)
+{
+ if (id12 == NULL) {
+ DEBUG(5,("set_user_info_12: NULL id12\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
--
Samba Shared Repository
