The branch, v3-2-test has been updated via 53dc913b2d01aeea2a7490c5ef1292e6c6eff5e7 (commit) via e1bcb7d82f22810e342a18aacbcfe49c3902bcb4 (commit) from 8ee7dfad2e3a40e378398ea20158d3c7e7168cba (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit 53dc913b2d01aeea2a7490c5ef1292e6c6eff5e7 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Tue Feb 12 12:58:47 2008 +0100 Use pidl for _samr_QueryUserInfo. Guenther commit e1bcb7d82f22810e342a18aacbcfe49c3902bcb4 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Tue Feb 12 14:26:56 2008 +0100 Add get_logon_hours_from_pdb() (inspired by samba4). Guenther ----------------------------------------------------------------------- Summary of changes: source/passdb/passdb.c | 23 +++ source/rpc_client/init_samr.c | 125 ++++++++++++++ source/rpc_server/srv_samr.c | 23 +--- source/rpc_server/srv_samr_nt.c | 341 ++++++++++++++++++++++++++++----------- 4 files changed, 396 insertions(+), 116 deletions(-) Changeset truncated at 500 lines: diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index b6a4126..70b9dcd 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -1616,3 +1616,26 @@ bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16], return False; } +struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx, + struct samu *pw) +{ + struct samr_LogonHours hours; + const int units_per_week = 168; + + ZERO_STRUCT(hours); + hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week); + if (!hours.bits) { + return hours; + } + + hours.units_per_week = units_per_week; + memset(hours.bits, 0xFF, units_per_week); + + if (pdb_get_hours(pw)) { + memcpy(hours.bits, pdb_get_hours(pw), + MIN(pdb_get_hours_len(pw), units_per_week)); + } + + return hours; +} + diff --git a/source/rpc_client/init_samr.c b/source/rpc_client/init_samr.c index db8f4aa..a61ddb5 100644 --- a/source/rpc_client/init_samr.c +++ b/source/rpc_client/init_samr.c @@ -260,3 +260,128 @@ void init_samr_alias_info3(struct lsa_String *r, init_lsa_String(r, description); } +/******************************************************************* + inits a samr_UserInfo7 structure. +********************************************************************/ + +void init_samr_user_info7(struct samr_UserInfo7 *r, + const char *account_name) +{ + DEBUG(5, ("init_samr_user_info7\n")); + + init_lsa_String(&r->account_name, account_name); +} + +/******************************************************************* + inits a samr_UserInfo9 structure. +********************************************************************/ + +void init_samr_user_info9(struct samr_UserInfo9 *r, + uint32_t primary_gid) +{ + DEBUG(5, ("init_samr_user_info9\n")); + + r->primary_gid = primary_gid; +} + +/******************************************************************* + inits a SAM_USER_INFO_16 structure. +********************************************************************/ + +void init_samr_user_info16(struct samr_UserInfo16 *r, + uint32_t acct_flags) +{ + DEBUG(5, ("init_samr_user_info16\n")); + + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a samr_UserInfo18 structure. +********************************************************************/ + +void init_samr_user_info18(struct samr_UserInfo18 *r, + const uint8 lm_pwd[16], + const uint8 nt_pwd[16]) +{ + DEBUG(5, ("init_samr_user_info18\n")); + + r->lm_pwd_active = + memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false; + r->nt_pwd_active = + memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false; +} + +/******************************************************************* + inits a samr_UserInfo20 structure. +********************************************************************/ + +void init_samr_user_info20(struct samr_UserInfo20 *r, + const char *munged_dial) +{ + init_lsa_String(&r->parameters, munged_dial); +} + +/************************************************************************* + inits a samr_UserInfo21 structure + *************************************************************************/ + +void init_samr_user_info21(struct samr_UserInfo21 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + const char *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->last_password_change = last_password_change; + r->acct_expiry = acct_expiry; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->description, description); + init_lsa_String(&r->workstations, workstations); + init_lsa_String(&r->comment, comment); + init_lsa_String(&r->parameters, parameters); + r->rid = rid; + r->primary_gid = primary_gid; + r->acct_flags = acct_flags; + r->fields_present = fields_present; + r->logon_hours = logon_hours; + r->bad_password_count = bad_password_count; + r->logon_count = logon_count; + r->country_code = country_code; + r->code_page = code_page; + r->nt_password_set = nt_password_set; + r->lm_password_set = lm_password_set; + r->password_expired = password_expired; +} diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c index d25ca3a..f7cc7ee 100644 --- a/source/rpc_server/srv_samr.c +++ b/source/rpc_server/srv_samr.c @@ -188,28 +188,7 @@ static bool api_samr_open_user(pipes_struct *p) static bool api_samr_query_userinfo(pipes_struct *p) { - SAMR_Q_QUERY_USERINFO q_u; - SAMR_R_QUERY_USERINFO r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!samr_io_q_query_userinfo("", &q_u, data, 0)){ - DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n")); - return False; - } - - r_u.status = _samr_query_userinfo(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) { - DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n")); - return False; - } - - return True; + return proxy_samr_call(p, NDR_SAMR_QUERYUSERINFO); } /******************************************************************* diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 412aa9d..ac10754 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -2129,10 +2129,15 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, get_user_info_7. Safe. Only gives out account_name. *************************************************************************/ -static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid) +static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, + struct samr_UserInfo7 *r, + DOM_SID *user_sid) { struct samu *smbpass=NULL; bool ret; + const char *account_name = NULL; + + ZERO_STRUCTP(r); if ( !(smbpass = samu_new( mem_ctx )) ) { return NT_STATUS_NO_MEMORY; @@ -2147,12 +2152,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S return NT_STATUS_NO_SUCH_USER; } - DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); + account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass)); + if (!account_name) { + TALLOC_FREE(smbpass); + return NT_STATUS_NO_MEMORY; + } + TALLOC_FREE(smbpass); - ZERO_STRUCTP(id7); - init_sam_user_info7(id7, pdb_get_username(smbpass) ); + DEBUG(3,("User:[%s]\n", account_name)); - TALLOC_FREE(smbpass); + init_samr_user_info7(r, account_name); return NT_STATUS_OK; } @@ -2160,11 +2169,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S /************************************************************************* get_user_info_9. Only gives out primary group SID. *************************************************************************/ -static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid) + +static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, + struct samr_UserInfo9 *r, + DOM_SID *user_sid) { struct samu *smbpass=NULL; bool ret; + ZERO_STRUCTP(r); + if ( !(smbpass = samu_new( mem_ctx )) ) { return NT_STATUS_NO_MEMORY; } @@ -2175,13 +2189,13 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_ if (ret==False) { DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(smbpass); return NT_STATUS_NO_SUCH_USER; } DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); - ZERO_STRUCTP(id9); - init_sam_user_info9(id9, pdb_get_group_rid(smbpass) ); + init_samr_user_info9(r, pdb_get_group_rid(smbpass)); TALLOC_FREE(smbpass); @@ -2192,11 +2206,15 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_ get_user_info_16. Safe. Only gives out acb bits. *************************************************************************/ -static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid) +static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, + struct samr_UserInfo16 *r, + DOM_SID *user_sid) { struct samu *smbpass=NULL; bool ret; + ZERO_STRUCTP(r); + if ( !(smbpass = samu_new( mem_ctx )) ) { return NT_STATUS_NO_MEMORY; } @@ -2207,13 +2225,13 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO if (ret==False) { DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(smbpass); return NT_STATUS_NO_SUCH_USER; } DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); - ZERO_STRUCTP(id16); - init_sam_user_info16(id16, pdb_get_acct_ctrl(smbpass) ); + init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass)); TALLOC_FREE(smbpass); @@ -2226,11 +2244,16 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO user. JRA. *************************************************************************/ -static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid) +static NTSTATUS get_user_info_18(pipes_struct *p, + TALLOC_CTX *mem_ctx, + struct samr_UserInfo18 *r, + DOM_SID *user_sid) { struct samu *smbpass=NULL; bool ret; + ZERO_STRUCTP(r); + if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { return NT_STATUS_ACCESS_DENIED; } @@ -2262,8 +2285,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_ return NT_STATUS_ACCOUNT_DISABLED; } - ZERO_STRUCTP(id18); - init_sam_user_info18(id18, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass)); + init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass), + pdb_get_nt_passwd(smbpass)); TALLOC_FREE(smbpass); @@ -2274,10 +2297,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_ get_user_info_20 *************************************************************************/ -static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid) +static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, + struct samr_UserInfo20 *r, + DOM_SID *user_sid) { struct samu *sampass=NULL; bool ret; + const char *munged_dial = NULL; + const char *munged_dial_decoded = NULL; + DATA_BLOB blob; + + ZERO_STRUCTP(r); if ( !(sampass = samu_new( mem_ctx )) ) { return NT_STATUS_NO_MEMORY; @@ -2289,72 +2319,219 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO if (ret == False) { DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(sampass); return NT_STATUS_NO_SUCH_USER; } + munged_dial = pdb_get_munged_dial(sampass); + samr_clear_sam_passwd(sampass); DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); - ZERO_STRUCTP(id20); - init_sam_user_info20A(id20, sampass); + if (munged_dial) { + blob = base64_decode_data_blob(munged_dial); + munged_dial_decoded = talloc_strndup(mem_ctx, + (const char *)blob.data, + blob.length); + data_blob_free(&blob); + if (!munged_dial_decoded) { + TALLOC_FREE(sampass); + return NT_STATUS_NO_MEMORY; + } + } + +#if 0 + init_unistr2_from_datablob(&usr->uni_munged_dial, &blob); + init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial); + data_blob_free(&blob); +#endif + init_samr_user_info20(r, munged_dial_decoded); TALLOC_FREE(sampass); return NT_STATUS_OK; } + /************************************************************************* get_user_info_21 *************************************************************************/ -static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, - DOM_SID *user_sid, DOM_SID *domain_sid) +static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, + struct samr_UserInfo21 *r, + DOM_SID *user_sid, + DOM_SID *domain_sid) { - struct samu *sampass=NULL; + struct samu *pw = NULL; bool ret; - NTSTATUS nt_status; - - if ( !(sampass = samu_new( mem_ctx )) ) { + const DOM_SID *sid_user, *sid_group; + uint32_t rid, primary_gid; + NTTIME last_logon, last_logoff, last_password_change, + acct_expiry, allow_password_change, force_password_change; + time_t must_change_time; + uint8_t password_expired; + const char *account_name, *full_name, *home_directory, *home_drive, + *logon_script, *profile_path, *description, + *workstations, *comment, *parameters; + struct samr_LogonHours logon_hours; + const char *munged_dial = NULL; + DATA_BLOB blob; + + ZERO_STRUCTP(r); + + if (!(pw = samu_new(mem_ctx))) { return NT_STATUS_NO_MEMORY; } become_root(); - ret = pdb_getsampwsid(sampass, user_sid); + ret = pdb_getsampwsid(pw, user_sid); unbecome_root(); if (ret == False) { DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(pw); return NT_STATUS_NO_SUCH_USER; } - samr_clear_sam_passwd(sampass); + samr_clear_sam_passwd(pw); - DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); + DEBUG(3,("User:[%s]\n", pdb_get_username(pw))); - ZERO_STRUCTP(id21); - nt_status = init_sam_user_info21A(id21, sampass, domain_sid); + sid_user = pdb_get_user_sid(pw); - TALLOC_FREE(sampass); + if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) { + DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with " + "the domain sid %s. Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_user), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } - return nt_status; + become_root(); + sid_group = pdb_get_group_sid(pw); + unbecome_root(); + + if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) { + DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n" + "which conflicts with the domain sid %s. Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_group), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } + + unix_to_nt_time(&last_logon, pdb_get_logon_time(pw)); + unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw)); + unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw)); + unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw)); + unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw)); + + must_change_time = pdb_get_pass_must_change_time(pw); + if (must_change_time == get_time_t_max()) { + unix_to_nt_time_abs(&force_password_change, must_change_time); + } else { + unix_to_nt_time(&force_password_change, must_change_time); + } + + if (pdb_get_pass_must_change_time(pw) == 0) { + password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON; + } else { + password_expired = 0; + } + + munged_dial = pdb_get_munged_dial(pw); + if (munged_dial) { + blob = base64_decode_data_blob(munged_dial); + parameters = talloc_strndup(mem_ctx, (const char *)blob.data, blob.length); -- Samba Shared Repository