Hi andrew, please take at look at the parameter order.:-)
!sid_peek_check_rid(domain_sid,user_sid,&user_rid) BOOL sid_peek_check_rid(const DOM_SID *exp_dom_sid, const DOM_SID *sid, uint32 * { if (!exp_dom_sid || !sid || !rid) return False; if (sid_compare_domain(exp_dom_sid, sid)!=0){ *rid=(-1); return False; } return sid_peek_rid(sid, rid); } At 00:33 26.06.2002 +1000, Andrew Bartlett wrote: >I've been doing some cleanup work recently - and I've particulary been >attacking the complex web of samba dependencies. > >This patch does two things: It reworks some SAMR code, in a way that >avoids the need for *two* sepeate 'enumuerate a list of domain users' >functions, and >that adds some SID checkings. > >Now the sid checking is currently incorrect - I'm still chasing down the >finer details of 'policy handles', but I just wanted to put this patch >out for an eyeball. > >What do people think - are there other problems with what I'm doing? > >And can anybody explain to me how policy handles work? In particular I >want to find the policy for the domain that this user was opened on - so >I can check the domain sid during the reply. (Yes, I could assume the >passdb is sane, and gives back correct sids, but I want the extra check >before I strip the rid from the sid). > >Andrew Bartlett >-- >Andrew Bartlett [EMAIL PROTECTED] >Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] >Student Network Administrator, Hawker College [EMAIL PROTECTED] >http://samba.org http://build.samba.org http://hawkerc.net? >config.h.in >? docs/docbook/confdefs.h >? source/Makefile.in- >? source/config.abartlet >? source/nt_pwd >? source/auth/auth_ntlmssp.c >? source/include/nmbd_dhcp_for_wins.h >? source/include/smb_interactive.h >? source/intl/Makefile >? source/intl/po >? source/intl/po2tbl.sed >? source/libsmb/.new.cliprint. >? source/nmbd/nmbd_dhcp_for_wins.c >? source/nsswitch/.libs >? source/nsswitch/ntlmauth.c >? source/passdb/pdb_compat.c >? source/po/Makefile >? source/po/POTFILES >? source/rpc_server/srv_samr_util.c >? source/torture/map_extract.c >Index: source/Makefile.in >=================================================================== >RCS file: /data/cvs/samba/source/Makefile.in,v >retrieving revision 1.488 >diff -u -r1.488 Makefile.in >--- source/Makefile.in 2002/06/25 02:29:08 1.488 >+++ source/Makefile.in 2002/06/25 09:08:12 >@@ -166,15 +166,17 @@ > > LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ > libsmb/cli_netlogon.o libsmb/cli_srvsvc.o > libsmb/cli_wkssvc.o \ >- libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\ >+ libsmb/cli_dfs.o libsmb/cli_reg.o \ > rpc_client/cli_pipe.o > >+LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o >+ > LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) > > RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \ > rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o > rpc_server/srv_netlog_nt.o \ > rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o > rpc_server/srv_reg_nt.o \ >- rpc_server/srv_samr.o rpc_server/srv_samr_nt.o \ >+ rpc_server/srv_samr.o rpc_server/srv_samr_nt.o >rpc_server/srv_samr_util.o \ > rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ > rpc_server/srv_util.o rpc_server/srv_wkssvc.o > rpc_server/srv_wkssvc_nt.o \ > rpc_server/srv_pipe.o rpc_server/srv_dfs.o > rpc_server/srv_dfs_nt.o \ >@@ -202,7 +204,8 @@ > PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ > passdb/machine_sid.o passdb/pdb_smbpasswd.o \ > passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \ >- passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o >+ passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \ >+ passdb/pdb_compat.o > > GROUPDB_OBJ = groupdb/mapping.o > >@@ -254,7 +257,8 @@ > $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \ > $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \ > $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ >- $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) \ >+ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ >+ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ > $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) > > >@@ -362,12 +366,12 @@ > utils/net_rap.o utils/net_rpc.o \ > utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o > >-NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ >- $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ >+NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ >+ $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ > $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ >+ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ > $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) > >- > CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) > $(LIB_OBJ) > > MOUNT_OBJ = client/smbmount.o \ >@@ -404,8 +408,8 @@ > $(UBIQX_OBJ) $(LIB_OBJ) > > SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ >- $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ >- $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) >+ $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) >$(PASSDB_GET_SET_OBJ) \ >+ $(LIBMSRPC_OBJ) > > TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) > >@@ -430,7 +434,7 @@ > $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \ > $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \ > $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) > $(READLINE_OBJ) \ >- $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) >+ $(PROFILE_OBJ) > > NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) > $(LIB_OBJ) $(NSSWINS_OBJ) > NSS_OBJ = $(NSS_OBJ_0:.o=.po) >@@ -471,7 +475,7 @@ > nsswitch/winbindd_dual.o > > WINBINDD_OBJ = \ >- $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ >+ $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \ > $(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ > $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ > $(PROFILE_OBJ) $(UNIGRP_OBJ) \ >Index: source/passdb/passdb.c >=================================================================== >RCS file: /data/cvs/samba/source/passdb/passdb.c,v >retrieving revision 1.161 >diff -u -r1.161 passdb.c >--- source/passdb/passdb.c 2002/06/14 04:26:23 1.161 >+++ source/passdb/passdb.c 2002/06/25 09:08:20 >@@ -937,122 +937,6 @@ > } > > /************************************************************* >- Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT >- **************************************************************/ >- >-void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) >-{ >- >- if (from == NULL || to == NULL) >- return; >- >- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); >- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); >- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); >- pdb_set_pass_can_change_time(to, >nt_time_to_unix(&from->pass_can_change_time), True); >- pdb_set_pass_must_change_time(to, >nt_time_to_unix(&from->pass_must_change_time), True); >- >- pdb_set_pass_last_set_time(to, >nt_time_to_unix(&from->pass_last_set_time)); >- >- if (from->uni_user_name.buffer) >- pdb_set_username(to , >pdb_unistr2_convert(&from->uni_user_name )); >- if (from->uni_full_name.buffer) >- pdb_set_fullname(to , >pdb_unistr2_convert(&from->uni_full_name )); >- if (from->uni_home_dir.buffer) >- pdb_set_homedir(to , >pdb_unistr2_convert(&from->uni_home_dir ), True); >- if (from->uni_dir_drive.buffer) >- pdb_set_dir_drive(to , >pdb_unistr2_convert(&from->uni_dir_drive ), True); >- if (from->uni_logon_script.buffer) >- pdb_set_logon_script(to , >pdb_unistr2_convert(&from->uni_logon_script), True); >- if (from->uni_profile_path.buffer) >- pdb_set_profile_path(to , >pdb_unistr2_convert(&from->uni_profile_path), True); >- if (from->uni_acct_desc.buffer) >- pdb_set_acct_desc(to , >pdb_unistr2_convert(&from->uni_acct_desc )); >- if (from->uni_workstations.buffer) >- pdb_set_workstations(to , >pdb_unistr2_convert(&from->uni_workstations)); >- if (from->uni_unknown_str.buffer) >- pdb_set_unknown_str(to , >pdb_unistr2_convert(&from->uni_unknown_str )); >- if (from->uni_munged_dial.buffer) >- pdb_set_munged_dial(to , >pdb_unistr2_convert(&from->uni_munged_dial )); >- >- if (from->user_rid) >- pdb_set_user_sid_from_rid(to, from->user_rid); >- if (from->group_rid) >- pdb_set_group_sid_from_rid(to, from->group_rid); >- >- pdb_set_acct_ctrl(to, from->acb_info); >- pdb_set_unknown_3(to, from->unknown_3); >- >- pdb_set_logon_divs(to, from->logon_divs); >- pdb_set_hours_len(to, from->logon_hrs.len); >- pdb_set_hours(to, from->logon_hrs.hours); >- >- pdb_set_unknown_5(to, from->unknown_5); >- pdb_set_unknown_6(to, from->unknown_6); >-} >- >- >-/************************************************************* >- Copies a sam passwd. >- **************************************************************/ >- >-void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) >-{ >- if (from == NULL || to == NULL) >- return; >- >- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); >- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); >- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); >- pdb_set_pass_can_change_time(to, >nt_time_to_unix(&from->pass_can_change_time), True); >- pdb_set_pass_must_change_time(to, >nt_time_to_unix(&from->pass_must_change_time), True); >- >- pdb_set_pass_last_set_time(to, >nt_time_to_unix(&from->pass_last_set_time)); >- >- if (from->uni_user_name.buffer) >- pdb_set_username(to , >pdb_unistr2_convert(&from->uni_user_name )); >- if (from->uni_full_name.buffer) >- pdb_set_fullname(to , >pdb_unistr2_convert(&from->uni_full_name )); >- if (from->uni_home_dir.buffer) >- pdb_set_homedir(to , >pdb_unistr2_convert(&from->uni_home_dir ), True); >- if (from->uni_dir_drive.buffer) >- pdb_set_dir_drive(to , >pdb_unistr2_convert(&from->uni_dir_drive ), True); >- if (from->uni_logon_script.buffer) >- pdb_set_logon_script(to , >pdb_unistr2_convert(&from->uni_logon_script), True); >- if (from->uni_profile_path.buffer) >- pdb_set_profile_path(to , >pdb_unistr2_convert(&from->uni_profile_path), True); >- if (from->uni_acct_desc.buffer) >- pdb_set_acct_desc(to , >pdb_unistr2_convert(&from->uni_acct_desc )); >- if (from->uni_workstations.buffer) >- pdb_set_workstations(to , >pdb_unistr2_convert(&from->uni_workstations)); >- if (from->uni_unknown_str.buffer) >- pdb_set_unknown_str(to , >pdb_unistr2_convert(&from->uni_unknown_str )); >- if (from->uni_munged_dial.buffer) >- pdb_set_munged_dial(to , >pdb_unistr2_convert(&from->uni_munged_dial )); >- >- if (from->user_rid) >- pdb_set_user_sid_from_rid(to, from->user_rid); >- if (from->group_rid) >- pdb_set_group_sid_from_rid(to, from->group_rid); >- >- /* FIXME!! Do we need to copy the passwords here as well? >- I don't know. Need to figure this out --jerry */ >- >- /* Passwords dealt with in caller --abartlet */ >- >- pdb_set_acct_ctrl(to, from->acb_info); >- pdb_set_unknown_3(to, from->unknown_3); >- >- pdb_set_logon_divs(to, from->logon_divs); >- pdb_set_hours_len(to, from->logon_hrs.len); >- pdb_set_hours(to, from->logon_hrs.hours); >- >- pdb_set_unknown_5(to, from->unknown_5); >- pdb_set_unknown_6(to, from->unknown_6); >-} >- >- >-/************************************************************* > Change a password entry in the local smbpasswd file. > > FIXME!! The function needs to be abstracted into the >Index: source/passdb/pdb_get_set.c >=================================================================== >RCS file: /data/cvs/samba/source/passdb/pdb_get_set.c,v >retrieving revision 1.14 >diff -u -r1.14 pdb_get_set.c >--- source/passdb/pdb_get_set.c 2002/06/15 12:38:12 1.14 >+++ source/passdb/pdb_get_set.c 2002/06/25 09:08:20 >@@ -172,27 +172,6 @@ > return (NULL); > } > >-uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) >-{ >- uint32 u_rid; >- >- if (sampass) >- if (sid_peek_check_rid(get_global_sam_sid(), >pdb_get_user_sid(sampass),&u_rid)) >- return u_rid; >- >- return (0); >-} >- >-uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) >-{ >- uint32 g_rid; >- >- if (sampass) >- if (sid_peek_check_rid(get_global_sam_sid(), >pdb_get_group_sid(sampass),&g_rid)) >- return g_rid; >- return (0); >-} >- > /** > * Get flags showing what is initalised in the SAM_ACCOUNT > * @param sampass the SAM_ACCOUNT in question >@@ -574,60 +553,6 @@ > DEBUG(1, ("pdb_set_group_sid_from_string: could not set > sid %s on SAM_ACCOUNT!\n", g_sid)); > return False; > } >- return True; >-} >- >-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) >-{ >- DOM_SID u_sid; >- const DOM_SID *global_sam_sid; >- >- if (!sampass) >- return False; >- >- if (!(global_sam_sid = get_global_sam_sid())) { >- DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read >global sam sid!\n")); >- return False; >- } >- >- sid_copy(&u_sid, global_sam_sid); >- >- if (!sid_append_rid(&u_sid, rid)) >- return False; >- >- if (!pdb_set_user_sid(sampass, &u_sid)) >- return False; >- >- DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from >rid %d\n", >- sid_string_static(&u_sid),rid)); >- >- return True; >-} >- >-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) >-{ >- DOM_SID g_sid; >- const DOM_SID *global_sam_sid; >- >- if (!sampass) >- return False; >- >- if (!(global_sam_sid = get_global_sam_sid())) { >- DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read >global sam sid!\n")); >- return False; >- } >- >- sid_copy(&g_sid, global_sam_sid); >- >- if (!sid_append_rid(&g_sid, grid)) >- return False; >- >- if (!pdb_set_group_sid(sampass, &g_sid)) >- return False; >- >- DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s >from rid %d\n", >- sid_string_static(&g_sid), grid)); >- > return True; > } > >Index: source/rpc_parse/parse_samr.c >=================================================================== >RCS file: /data/cvs/samba/source/rpc_parse/parse_samr.c,v >retrieving revision 1.148 >diff -u -r1.148 parse_samr.c >--- source/rpc_parse/parse_samr.c 2002/06/18 09:20:10 1.148 >+++ source/rpc_parse/parse_samr.c 2002/06/25 09:08:22 >@@ -1440,7 +1440,8 @@ > ********************************************************************/ > > NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, > uint32 num_entries, >- uint32 start_idx, DISP_USER_INFO *disp_user_info) >+ uint32 start_idx, DISP_USER_INFO *disp_user_info, >+ DOM_SID *domain_sid) > { > uint32 len_sam_name, len_sam_full, len_sam_desc; > uint32 i; >@@ -1468,6 +1469,9 @@ > const char *username; > const char *fullname; > const char *acct_desc; >+ uint32 user_rid; >+ const DOM_SID *user_sid; >+ fstring user_sid_string, >domain_sid_string; > > DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i)); > >@@ -1486,14 +1490,25 @@ > if (!acct_desc) > acct_desc = ""; > >+ user_sid = pdb_get_user_sid(pwd); >+ >+ if (!sid_peek_check_rid(user_sid, domain_sid, &user_rid)) { >+ DEBUG(0, ("init_sam_dispinfo_1: User %s has SID >%s, which conflicts with " >+ "the domain sid %s. Failing operation.\n", >+ username, >+ sid_to_string(user_sid_string, user_sid), >+ sid_to_string(domain_sid_string, >domain_sid))); >+ return NT_STATUS_UNSUCCESSFUL; >+ } >+ > len_sam_name = strlen(username); > len_sam_full = strlen(fullname); > len_sam_desc = strlen(acct_desc); > > init_sam_entry1(&sam->sam[i], start_idx + i + 1, > len_sam_name, len_sam_full, len_sam_desc, >- pdb_get_user_rid(pwd), >pdb_get_acct_ctrl(pwd)); >- >+ user_rid, pdb_get_acct_ctrl(pwd)); >+ > ZERO_STRUCTP(&sam->str[i].uni_acct_name); > ZERO_STRUCTP(&sam->str[i].uni_full_name); > ZERO_STRUCTP(&sam->str[i].uni_acct_desc); >@@ -1560,7 +1575,8 @@ > ********************************************************************/ > > NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, > uint32 num_entries, >- uint32 start_idx, DISP_USER_INFO *disp_user_info) >+ uint32 start_idx, DISP_USER_INFO >*disp_user_info, >+ DOM_SID *domain_sid ) > { > uint32 len_sam_name, len_sam_desc; > uint32 i; >@@ -1583,20 +1599,39 @@ > ZERO_STRUCTP(sam->str); > > for (i = 0; i < num_entries; i++) { >+ uint32 user_rid; >+ const DOM_SID *user_sid; >+ const char *username; >+ const char *acct_desc; >+ fstring user_sid_string, >domain_sid_string; >+ > DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i)); > pwd=disp_user_info[i+start_idx].sam; > >- len_sam_name = strlen(pdb_get_username(pwd)); >- len_sam_desc = strlen(pdb_get_acct_desc(pwd)); >+ username = pdb_get_username(pwd); >+ acct_desc = pdb_get_acct_desc(pwd); >+ user_sid = pdb_get_user_sid(pwd); >+ >+ if (!sid_peek_check_rid(user_sid, domain_sid, &user_rid)) { this should be !sid_peek_check_rid(domain_sid,user_sid,&user_rid) >+ DEBUG(0, ("init_sam_dispinfo_2: User %s has SID >%s, which conflicts with " >+ "the domain sid %s. Failing operation.\n", >+ username, >+ sid_to_string(user_sid_string, user_sid), >+ sid_to_string(domain_sid_string, >domain_sid))); >+ return NT_STATUS_UNSUCCESSFUL; >+ } >+ >+ len_sam_name = strlen(username); >+ len_sam_desc = strlen(acct_desc); > > init_sam_entry2(&sam->sam[i], start_idx + i + 1, > len_sam_name, len_sam_desc, >- pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)); >+ user_rid, pdb_get_acct_ctrl(pwd)); > > ZERO_STRUCTP(&sam->str[i].uni_srv_name); > ZERO_STRUCTP(&sam->str[i].uni_srv_desc); > >- init_unistr2(&sam->str[i].uni_srv_name, >pdb_get_username(pwd), len_sam_name); >+ init_unistr2(&sam->str[i].uni_srv_name, >username, len_sam_name); > init_unistr2(&sam->str[i].uni_srv_desc, > pdb_get_acct_desc(pwd), len_sam_desc); > } > >@@ -5844,7 +5879,7 @@ > > *************************************************************************/ > >-void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) >+NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, >DOM_SID *domain_sid) > { > NTTIME logon_time, logoff_time, kickoff_time, > pass_last_set_time, pass_can_change_time, >@@ -5865,6 +5900,12 @@ > const char* workstations = pdb_get_workstations(pw); > const char* munged_dial = pdb_get_munged_dial(pw); > >+ uint32 user_rid; >+ const DOM_SID *user_sid; >+ >+ uint32 group_rid; >+ const DOM_SID *group_sid; >+ > len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; > len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; > len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; >@@ -5906,9 +5947,35 @@ > > ZERO_STRUCT(usr->nt_pwd); > ZERO_STRUCT(usr->lm_pwd); >+ >+ user_sid = pdb_get_user_sid(pw); >+ >+ if (!sid_peek_check_rid(user_sid, domain_sid, &user_rid)) { this should be (!sid_peek_check_rid(domain_sid, user_sid, &user_rid) >+ fstring user_sid_string; >+ fstring domain_sid_string; >+ DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, >which conflicts with " >+ "the domain sid %s. Failing operation.\n", >+ user_name, >+ sid_to_string(user_sid_string, user_sid), >+ sid_to_string(domain_sid_string, domain_sid))); >+ return NT_STATUS_UNSUCCESSFUL; >+ } >+ >+ group_sid = pdb_get_group_sid(pw); >+ >+ if (!sid_peek_check_rid(group_sid, domain_sid, &group_rid)) { >+ fstring group_sid_string; >+ fstring domain_sid_string; >+ DEBUG(0, ("init_sam_user_info_21A: User %s has Primary >Group SID %s, \nwhich conflicts with " >+ "the domain sid %s. Failing operation.\n", >+ user_name, >+ sid_to_string(group_sid_string, group_sid), >+ sid_to_string(domain_sid_string, domain_sid))); >+ return NT_STATUS_UNSUCCESSFUL; >+ } > >- usr->user_rid = pdb_get_user_rid(pw); >- usr->group_rid = pdb_get_group_rid(pw); >+ usr->user_rid = user_rid; >+ usr->group_rid = group_rid; > usr->acb_info = pdb_get_acct_ctrl(pw); > usr->unknown_3 = pdb_get_unknown3(pw); > >@@ -5937,6 +6004,8 @@ > memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), > MAX_HOURS_LEN); > } else > memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs)); >+ >+ return NT_STATUS_OK; > } > > /******************************************************************* >Index: source/rpc_server/srv_samr_nt.c >=================================================================== >RCS file: /data/cvs/samba/source/rpc_server/srv_samr_nt.c,v >retrieving revision 1.97 >diff -u -r1.97 srv_samr_nt.c >--- source/rpc_server/srv_samr_nt.c 2002/06/18 09:20:12 1.97 >+++ source/rpc_server/srv_samr_nt.c 2002/06/25 09:08:25 >@@ -126,19 +126,6 @@ > Ensure password info is never given out. Paranioa... JRA. > ********************************************************************/ > >-static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int >num_entries) >-{ >- int i; >- >- if (!pass) >- return; >- >- for (i = 0; i < num_entries; i++) { >- memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd)); >- memset(&pass[i].nt_pwd, '\0', sizeof(pass[i].nt_pwd)); >- } >-} >- > static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) > { > >@@ -267,103 +254,6 @@ > > > /******************************************************************* >- This next function should be replaced with something that >- dynamically returns the correct user info..... JRA. >- ********************************************************************/ >- >-static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, >- int *total_entries, int *num_entries, >- int max_num_entries, uint16 acb_mask) >-{ >- SAM_ACCOUNT *pwd = NULL; >- BOOL not_finished = True; >- NTSTATUS nt_status; >- >- (*num_entries) = 0; >- (*total_entries) = 0; >- >- if (pw_buf == NULL) >- return NT_STATUS_NO_MEMORY; >- >- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) { >- return nt_status; >- } >- >- if (!pdb_setsampwent(False)) { >- DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); >- pdb_free_sam(&pwd); >- return NT_STATUS_ACCESS_DENIED; >- } >- >- while (((not_finished = pdb_getsampwent(pwd)) != False) >- && (*num_entries) < max_num_entries) >- { >- int user_name_len; >- const char *user_name; >- >- if (start_idx > 0) { >- >- pdb_free_sam(&pwd); >- >- if (!NT_STATUS_IS_OK(nt_status = >pdb_init_sam(&pwd))) { >- pdb_endsampwent(); >- return nt_status; >- } >- >- /* skip the requested number of entries. >- not very efficient, but hey... */ >- start_idx--; >- continue; >- } >- >- user_name = pdb_get_username(pwd); >- >- if (!user_name) { >- DEBUG(2, ("account had NULL username!\n")); >- } else if (!(acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & >acb_mask))) { >- DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); >- } else { >- DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); >- >- user_name_len = strlen(user_name)+1; >- >init_unistr2(&pw_buf[(*num_entries)].uni_user_name, user_name, user_name_len); >- >init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len); >- pw_buf[(*num_entries)].user_rid = >pdb_get_user_rid(pwd); >- memset((char *)pw_buf[(*num_entries)].nt_pwd, >'\0', 16); >- >- /* Now check if the NT compatible password is >available. */ >- if (pdb_get_nt_passwd(pwd)) >- memcpy( pw_buf[(*num_entries)].nt_pwd , >pdb_get_nt_passwd(pwd), 16); >- >- pw_buf[(*num_entries)].acb_info = >pdb_get_acct_ctrl(pwd); >- >- DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", >- (*num_entries), pdb_get_username(pwd), >pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) )); >- >- (*num_entries)++; >- } >- >- (*total_entries)++; >- >- pdb_free_sam(&pwd); >- >- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) { >- pdb_endsampwent(); >- return nt_status; >- } >- >- } >- >- pdb_endsampwent(); >- pdb_free_sam(&pwd); >- >- if (not_finished) >- return STATUS_MORE_ENTRIES; >- else >- return NT_STATUS_OK; >-} >- >-/******************************************************************* > _samr_close_hnd > ********************************************************************/ > >@@ -526,70 +416,119 @@ > makes a SAM_ENTRY / UNISTR2* structure from a user list. > ********************************************************************/ > >-static void make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, >UNISTR2 **uni_name_pp, >- uint32 num_sam_entries, SAM_USER_INFO_21 *pass) >+static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY >**sam_pp, UNISTR2 **uni_name_pp, >+ uint32 num_entries, uint32 >start_idx, DISP_USER_INFO *disp_user_info, >+ DOM_SID *domain_sid) > { > uint32 i; > SAM_ENTRY *sam; > UNISTR2 *uni_name; >- >+ SAM_ACCOUNT *pwd = NULL; >+ UNISTR2 uni_temp_name; >+ const char *temp_name; >+ const DOM_SID *user_sid; >+ uint32 user_rid; >+ fstring user_sid_string; >+ fstring domain_sid_string; >+ > *sam_pp = NULL; > *uni_name_pp = NULL; > >- if (num_sam_entries == 0) >- return; >+ if (num_entries == 0) >+ return NT_STATUS_OK; > >- sam = (SAM_ENTRY *)talloc_zero(ctx, >sizeof(SAM_ENTRY)*num_sam_entries); >+ sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries); > >- uni_name = (UNISTR2 *)talloc_zero(ctx, >sizeof(UNISTR2)*num_sam_entries); >+ uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries); > > if (sam == NULL || uni_name == NULL) { >- DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); >- return; >+ DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n")); >+ return NT_STATUS_NO_MEMORY; > } > >- ZERO_STRUCTP(sam); >- ZERO_STRUCTP(uni_name); >- >- for (i = 0; i < num_sam_entries; i++) { >- int len = pass[i].uni_user_name.uni_str_len; >+ for (i = 0; i < num_entries; i++) { >+ int len = uni_temp_name.uni_str_len; >+ >+ pwd = disp_user_info[i+start_idx].sam; >+ temp_name = pdb_get_username(pwd); >+ init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1); >+ user_sid = pdb_get_user_sid(pwd); >+ >+ if (!sid_peek_check_rid(user_sid, domain_sid, &user_rid)) { this should be if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) >+ DEBUG(0, ("make_user_sam_entry_list: User %s has >SID %s, which conflicts with " >+ "the domain sid %s. Failing operation.\n", >+ temp_name, >+ sid_to_string(user_sid_string, user_sid), >+ sid_to_string(domain_sid_string, >domain_sid))); >+ return NT_STATUS_UNSUCCESSFUL; >+ } > >- init_sam_entry(&sam[i], len, pass[i].user_rid); >- copy_unistr2(&uni_name[i], &pass[i].uni_user_name); >+ init_sam_entry(&sam[i], len, user_rid); >+ copy_unistr2(&uni_name[i], &uni_temp_name); > } > > *sam_pp = sam; > *uni_name_pp = uni_name; >+ return NT_STATUS_OK; > } > > /******************************************************************* > samr_reply_enum_dom_users > ********************************************************************/ > >-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS >*q_u, SAMR_R_ENUM_DOM_USERS *r_u) >+NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, >+ SAMR_R_ENUM_DOM_USERS *r_u) > { >- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; >- int num_entries = 0; >- int total_entries = 0; >+ struct samr_info *info = NULL; >+ uint32 struct_size=0x20; /* W2K always reply that, client doesn't >care */ >+ int num_account; >+ uint32 enum_context=q_u->start_idx; >+ uint32 max_size=q_u->max_size; >+ uint32 temp_size; >+ enum remote_arch_types ra_type = get_remote_arch(); >+ int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 >: MAX_SAM_ENTRIES_W2K; >+ uint32 max_entries = max_sam_entries; >+ DOM_SID domain_sid; > > r_u->status = NT_STATUS_OK; > > /* find the policy handle. open a policy on it. */ >- if (!find_policy_by_hnd(p, &q_u->pol, NULL)) >+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) > return NT_STATUS_INVALID_HANDLE; > >+ if (!get_lsa_policy_samr_sid(p, &q_u->pol, &domain_sid)) >+ return NT_STATUS_INVALID_HANDLE; >+ > DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); > > become_root(); >- r_u->status = get_sampwd_entries(pass, q_u->start_idx, >&total_entries, &num_entries, >- >MAX_SAM_ENTRIES, q_u->acb_mask); >+ r_u->status=load_sampwd_entries(info, q_u->acb_mask); > unbecome_root(); >- >- if (NT_STATUS_IS_ERR(r_u->status)) >+ >+ if (!NT_STATUS_IS_OK(r_u->status)) > return r_u->status; > >- samr_clear_passwd_fields(pass, num_entries); >+ num_account = info->disp_info.num_user_account; > >+ if (enum_context > num_account) { >+ DEBUG(5, ("_samr_enum_dom_users: enumeration handle over >total entries\n")); >+ return NT_STATUS_OK; >+ } >+ >+ /* verify we won't overflow */ >+ if (max_entries > num_account-enum_context) { >+ max_entries = num_account-enum_context; >+ DEBUG(5, ("_samr_enum_dom_users: only %d entries to >return\n", max_entries)); >+ } >+ >+ /* calculate the size and limit on the number of entries we will >return */ >+ temp_size=max_entries*struct_size; >+ >+ if (temp_size>max_size) { >+ max_entries=MIN((max_size/struct_size),max_entries);; >+ DEBUG(5, ("_samr_enum_dom_users: buffer size limits to >only %d entries\n", max_entries)); >+ } >+ > /* > * Note from JRA. total_entries is not being used here. Currently > if there is a > * large user base then it looks like NT will enumerate until > get_sampwd_entries >@@ -603,10 +542,21 @@ > * value (again I think this is wrong). > */ > >- make_user_sam_entry_list(p->mem_ctx, &r_u->sam, >&r_u->uni_acct_name, num_entries, pass); >+ r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam, >&r_u->uni_acct_name, >+ max_entries, enum_context, >+ info->disp_info.disp_user_info, >+ &domain_sid); >+ >+ if (!NT_STATUS_IS_OK(r_u->status)) >+ return r_u->status; >+ >+ if (enum_context+max_entries < num_account) >+ r_u->status = STATUS_MORE_ENTRIES; > >- init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_entries, >num_entries); >+ DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__)); > >+ init_samr_r_enum_dom_users(r_u, q_u->start_idx + max_entries, >max_entries); >+ > DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); > > return r_u->status; >@@ -891,7 +841,8 @@ > /******************************************************************* > samr_reply_query_dispinfo > ********************************************************************/ >-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO >*q_u, SAMR_R_QUERY_DISPINFO *r_u) >+NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, >+ SAMR_R_QUERY_DISPINFO *r_u) > { > struct samr_info *info = NULL; > uint32 struct_size=0x20; /* W2K always reply that, client doesn't > care */ >@@ -906,9 +857,8 @@ > NTSTATUS disp_ret; > uint32 num_account = 0; > enum remote_arch_types ra_type = get_remote_arch(); >- int max_sam_entries; >- >- max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : >MAX_SAM_ENTRIES_W2K; >+ int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 >: MAX_SAM_ENTRIES_W2K; >+ DOM_SID domain_sid; > > DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__)); > r_u->status = NT_STATUS_OK; >@@ -917,6 +867,9 @@ > if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) > return NT_STATUS_INVALID_HANDLE; > >+ if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &domain_sid)) >+ return NT_STATUS_INVALID_HANDLE; >+ > /* > * calculate how many entries we will return. > * based on >@@ -1015,7 +968,8 @@ > if (!(ctr->sam.info1 = (SAM_DISPINFO_1 > *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1)))) > return NT_STATUS_NO_MEMORY; > } >- disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, >max_entries, enum_context, info->disp_info.disp_user_info); >+ disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, >max_entries, enum_context, >+ >info->disp_info.disp_user_info, &domain_sid); > if (!NT_STATUS_IS_OK(disp_ret)) > return disp_ret; > break; >@@ -1024,7 +978,8 @@ > if (!(ctr->sam.info2 = (SAM_DISPINFO_2 > *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2)))) > return NT_STATUS_NO_MEMORY; > } >- disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, >max_entries, enum_context, info->disp_info.disp_user_info); >+ disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, >max_entries, enum_context, >+ >info->disp_info.disp_user_info, &domain_sid); > if (!NT_STATUS_IS_OK(disp_ret)) > return disp_ret; > break; >@@ -1582,7 +1537,8 @@ > get_user_info_21 > *************************************************************************/ > >-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 >*id21, DOM_SID *user_sid) >+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 >*id21, >+ DOM_SID *user_sid, DOM_SID *domain_sid) > { > SAM_ACCOUNT *sampass=NULL; > BOOL ret; >@@ -1607,7 +1563,7 @@ > DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); > > ZERO_STRUCTP(id21); >- init_sam_user_info21A(id21, sampass); >+ nt_status = init_sam_user_info21A(id21, sampass, domain_sid); > > pdb_free_sam(&sampass); > >@@ -1622,6 +1578,7 @@ > { > SAM_USERINFO_CTR *ctr; > struct samr_info *info = NULL; >+ DOM_SID domain_sid; > > r_u->status=NT_STATUS_OK; > >@@ -1629,6 +1586,9 @@ > if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) > return NT_STATUS_INVALID_HANDLE; > >+ if (!get_lsa_policy_samr_sid(p, &q_u->pol, &domain_sid)) >+ return NT_STATUS_INVALID_HANDLE; >+ > if (!sid_check_is_in_our_domain(&info->sid)) > return NT_STATUS_OBJECT_TYPE_MISMATCH; > >@@ -1700,7 +1660,8 @@ > ctr->info.id21 = (SAM_USER_INFO_21 > *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21)); > if (ctr->info.id21 == NULL) > return NT_STATUS_NO_MEMORY; >- if (!NT_STATUS_IS_OK(r_u->status = >get_user_info_21(p->mem_ctx, ctr->info.id21, &info->sid))) >+ if (!NT_STATUS_IS_OK(r_u->status = >get_user_info_21(p->mem_ctx, ctr->info.id21, >+ >&info->sid, &domain_sid))) > return r_u->status; > break; > >--- /dev/null Fri Apr 12 00:25:15 2002 >+++ source/passdb/pdb_compat.c Tue Jun 25 00:22:03 2002 >@@ -0,0 +1,104 @@ >+/* >+ Unix SMB/CIFS implementation. >+ SAM_ACCOUNT access routines >+ Copyright (C) Jeremy Allison 1996-2001 >+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 >+ Copyright (C) Gerald (Jerry) Carter 2000-2001 >+ Copyright (C) Andrew Bartlett 2001-2002 >+ Copyright (C) Stefan (metze) Metzmacher 2002 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. >+*/ >+ >+#include "includes.h" >+ >+#undef DBGC_CLASS >+#define DBGC_CLASS DBGC_PASSDB >+ >+uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) >+{ >+ uint32 u_rid; >+ >+ if (sampass) >+ if (sid_peek_check_rid(get_global_sam_sid(), >pdb_get_user_sid(sampass),&u_rid)) >+ return u_rid; >+ >+ return (0); >+} >+ >+uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) >+{ >+ uint32 g_rid; >+ >+ if (sampass) >+ if (sid_peek_check_rid(get_global_sam_sid(), >pdb_get_group_sid(sampass),&g_rid)) >+ return g_rid; >+ return (0); >+} >+ >+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) >+{ >+ DOM_SID u_sid; >+ const DOM_SID *global_sam_sid; >+ >+ if (!sampass) >+ return False; >+ >+ if (!(global_sam_sid = get_global_sam_sid())) { >+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read >global sam sid!\n")); >+ return False; >+ } >+ >+ sid_copy(&u_sid, global_sam_sid); >+ >+ if (!sid_append_rid(&u_sid, rid)) >+ return False; >+ >+ if (!pdb_set_user_sid(sampass, &u_sid)) >+ return False; >+ >+ DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from >rid %d\n", >+ sid_string_static(&u_sid),rid)); >+ >+ return True; >+} >+ >+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) >+{ >+ DOM_SID g_sid; >+ const DOM_SID *global_sam_sid; >+ >+ if (!sampass) >+ return False; >+ >+ if (!(global_sam_sid = get_global_sam_sid())) { >+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read >global sam sid!\n")); >+ return False; >+ } >+ >+ sid_copy(&g_sid, global_sam_sid); >+ >+ if (!sid_append_rid(&g_sid, grid)) >+ return False; >+ >+ if (!pdb_set_group_sid(sampass, &g_sid)) >+ return False; >+ >+ DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s >from rid %d\n", >+ sid_string_static(&g_sid), grid)); >+ >+ return True; >+} >+ >--- /dev/null Fri Apr 12 00:25:15 2002 >+++ source/rpc_server/srv_samr_util.c Mon Jun 24 19:47:49 2002 >@@ -0,0 +1,143 @@ >+/* >+ Unix SMB/CIFS implementation. >+ SAMR Pipe utility functions. >+ Copyright (C) Jeremy Allison 1996-2001 >+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 >+ Copyright (C) Gerald (Jerry) Carter 2000-2001 >+ Copyright (C) Andrew Bartlett 2001-2002 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. >+*/ >+ >+#include "includes.h" >+ >+#undef DBGC_CLASS >+#define DBGC_CLASS DBGC_RPC_SRV >+ >+/************************************************************* >+ Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT >+ **************************************************************/ >+ >+void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) >+{ >+ >+ if (from == NULL || to == NULL) >+ return; >+ >+ pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); >+ pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); >+ pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); >+ pdb_set_pass_can_change_time(to, >nt_time_to_unix(&from->pass_can_change_time), True); >+ pdb_set_pass_must_change_time(to, >nt_time_to_unix(&from->pass_must_change_time), True); >+ >+ pdb_set_pass_last_set_time(to, >nt_time_to_unix(&from->pass_last_set_time)); >+ >+ if (from->uni_user_name.buffer) >+ pdb_set_username(to , >pdb_unistr2_convert(&from->uni_user_name )); >+ if (from->uni_full_name.buffer) >+ pdb_set_fullname(to , >pdb_unistr2_convert(&from->uni_full_name )); >+ if (from->uni_home_dir.buffer) >+ pdb_set_homedir(to , >pdb_unistr2_convert(&from->uni_home_dir ), True); >+ if (from->uni_dir_drive.buffer) >+ pdb_set_dir_drive(to , >pdb_unistr2_convert(&from->uni_dir_drive ), True); >+ if (from->uni_logon_script.buffer) >+ pdb_set_logon_script(to , >pdb_unistr2_convert(&from->uni_logon_script), True); >+ if (from->uni_profile_path.buffer) >+ pdb_set_profile_path(to , >pdb_unistr2_convert(&from->uni_profile_path), True); >+ if (from->uni_acct_desc.buffer) >+ pdb_set_acct_desc(to , >pdb_unistr2_convert(&from->uni_acct_desc )); >+ if (from->uni_workstations.buffer) >+ pdb_set_workstations(to , >pdb_unistr2_convert(&from->uni_workstations)); >+ if (from->uni_unknown_str.buffer) >+ pdb_set_unknown_str(to , >pdb_unistr2_convert(&from->uni_unknown_str )); >+ if (from->uni_munged_dial.buffer) >+ pdb_set_munged_dial(to , >pdb_unistr2_convert(&from->uni_munged_dial )); >+ >+ if (from->user_rid) >+ pdb_set_user_sid_from_rid(to, from->user_rid); >+ if (from->group_rid) >+ pdb_set_group_sid_from_rid(to, from->group_rid); >+ >+ pdb_set_acct_ctrl(to, from->acb_info); >+ pdb_set_unknown_3(to, from->unknown_3); >+ >+ pdb_set_logon_divs(to, from->logon_divs); >+ pdb_set_hours_len(to, from->logon_hrs.len); >+ pdb_set_hours(to, from->logon_hrs.hours); >+ >+ pdb_set_unknown_5(to, from->unknown_5); >+ pdb_set_unknown_6(to, from->unknown_6); >+} >+ >+ >+/************************************************************* >+ Copies a sam passwd. >+ **************************************************************/ >+ >+void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) >+{ >+ if (from == NULL || to == NULL) >+ return; >+ >+ pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); >+ pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); >+ pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); >+ pdb_set_pass_can_change_time(to, >nt_time_to_unix(&from->pass_can_change_time), True); >+ pdb_set_pass_must_change_time(to, >nt_time_to_unix(&from->pass_must_change_time), True); >+ >+ pdb_set_pass_last_set_time(to, >nt_time_to_unix(&from->pass_last_set_time)); >+ >+ if (from->uni_user_name.buffer) >+ pdb_set_username(to , >pdb_unistr2_convert(&from->uni_user_name )); >+ if (from->uni_full_name.buffer) >+ pdb_set_fullname(to , >pdb_unistr2_convert(&from->uni_full_name )); >+ if (from->uni_home_dir.buffer) >+ pdb_set_homedir(to , >pdb_unistr2_convert(&from->uni_home_dir ), True); >+ if (from->uni_dir_drive.buffer) >+ pdb_set_dir_drive(to , >pdb_unistr2_convert(&from->uni_dir_drive ), True); >+ if (from->uni_logon_script.buffer) >+ pdb_set_logon_script(to , >pdb_unistr2_convert(&from->uni_logon_script), True); >+ if (from->uni_profile_path.buffer) >+ pdb_set_profile_path(to , >pdb_unistr2_convert(&from->uni_profile_path), True); >+ if (from->uni_acct_desc.buffer) >+ pdb_set_acct_desc(to , >pdb_unistr2_convert(&from->uni_acct_desc )); >+ if (from->uni_workstations.buffer) >+ pdb_set_workstations(to , >pdb_unistr2_convert(&from->uni_workstations)); >+ if (from->uni_unknown_str.buffer) >+ pdb_set_unknown_str(to , >pdb_unistr2_convert(&from->uni_unknown_str )); >+ if (from->uni_munged_dial.buffer) >+ pdb_set_munged_dial(to , >pdb_unistr2_convert(&from->uni_munged_dial )); >+ >+ if (from->user_rid) >+ pdb_set_user_sid_from_rid(to, from->user_rid); >+ if (from->group_rid) >+ pdb_set_group_sid_from_rid(to, from->group_rid); >+ >+ /* FIXME!! Do we need to copy the passwords here as well? >+ I don't know. Need to figure this out --jerry */ >+ >+ /* Passwords dealt with in caller --abartlet */ >+ >+ pdb_set_acct_ctrl(to, from->acb_info); >+ pdb_set_unknown_3(to, from->unknown_3); >+ >+ pdb_set_logon_divs(to, from->logon_divs); >+ pdb_set_hours_len(to, from->logon_hrs.len); >+ pdb_set_hours(to, from->logon_hrs.hours); >+ >+ pdb_set_unknown_5(to, from->unknown_5); >+ pdb_set_unknown_6(to, from->unknown_6); >+} >+ metze ----------------------------------------------------------------------------- Stefan "metze" Metzmacher <[EMAIL PROTECTED]>