summaryrefslogtreecommitdiff
path: root/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c
diff options
context:
space:
mode:
authoras200622 <none@none>2008-01-05 20:52:22 -0800
committeras200622 <none@none>2008-01-05 20:52:22 -0800
commitdc20a3024900c47dd2ee44b9707e6df38f7d62a5 (patch)
treee0957e6b6d6b5c0117800046c765b78d69f80ce1 /usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c
parentbda89588bd7667394a834e8a9a34612cce2ae9c3 (diff)
downloadillumos-gate-dc20a3024900c47dd2ee44b9707e6df38f7d62a5.tar.gz
6560095 SNAS shows SIDs for Built-in Groups members instead of name
6582153 SMB signing and sealing (redirector) 6582192 Remove SMB config cache 6582210 Consistent Logging Strategy 6582214 Unified error reporting strategy 6593360 Confusing log message: [ID 334764 user.error] Ads is not enable 6597854 The shares are not accessible if doing Run \\ip-addr 6610587 RPC-WINREG test has failed on smbtorture. 6610650 Workgroup: authentication problem when client's LM level > 2 6611277 Should not be able to join domain when Snas ipc-mode=anon and W2K DC IPC=No access without anonymous 6613675 Creating a file with DOS readonly bit set requires special handling 6626113 libshare_smb leaks file descriptor on unload 6626119 libshare_smb leaks file descriptor on door call failure 6626126 libsmb configuration leaks memory 6629314 smbd logging forgets newlines, creating a mess 6629954 smb local group support should be re-enabled 6630424 libshare having trouble starting smb/server 6631739 rdr_ipcmode does change to "Fallback,anon". 6631985 SMB daemon doesn't locate a new ADS server if ads_site property has been modified. 6631987 SMB daemon reads /etc/resolv.conf once when it starts up. 6633202 smbfs client caused CIFS server panic 6635175 lint error reported when building smbsrv module when either mars or ceres lint was used 6636763 Get core if using sharemgr set-share -r with nonexistent share 6640934 libshare tries to enable smb service if any filesystem is shared over smb 6641051 The CIFS server needs to use the VFS nbmand mechanism for system-wide share reservations 6642047 Changes to SMF properties of the CIFS service - PSARC/2007/686 6642302 Do not add null when marshalling non-null-terminated NDR strings 6642368 Cross protocol byte range locking is needed --HG-- rename : usr/src/lib/smbsrv/libmlsvc/common/mlsvc_handle.c => deleted_files/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_handle.c rename : usr/src/lib/smbsrv/libsmb/common/smb_group_door_encdec.c => deleted_files/usr/src/lib/smbsrv/libsmb/common/smb_group_door_encdec.c rename : usr/src/lib/smbsrv/libsmb/common/smb_group_xdr.c => deleted_files/usr/src/lib/smbsrv/libsmb/common/smb_group_xdr.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlrpc_client.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_client.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlrpc_heap.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_heap.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlrpc_encdec.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_marshal.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlndo.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlndr.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_process.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlrpc_server.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_server.c rename : usr/src/lib/smbsrv/libmlrpc/common/mlrpc_svc.c => usr/src/lib/smbsrv/libmlrpc/common/ndr_svc.c
Diffstat (limited to 'usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c')
-rw-r--r--usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c804
1 files changed, 443 insertions, 361 deletions
diff --git a/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c b/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c
index 6d22e62127..3be04d2a50 100644
--- a/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c
+++ b/usr/src/lib/smbsrv/libmlsvc/common/mlsvc_sam.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -47,28 +47,31 @@
#include <smbsrv/samlib.h>
/*
- * The keys associated with the various handles dispensed
- * by the SAMR server. These keys can be used to validate
- * client activity. These values are never passed over
- * the network so security shouldn't be an issue.
+ * The keys associated with the various handles dispensed by the SAMR
+ * server. These keys can be used to validate client activity.
+ * These values are never passed over the wire so security shouldn't
+ * be an issue.
*/
-#define SAMR_CONNECT_KEY "SamrConnect"
-#define SAMR_DOMAIN_KEY "SamrDomain"
-#define SAMR_USER_KEY "SamrUser"
-#define SAMR_GROUP_KEY "SamrGroup"
-#define SAMR_ALIAS_KEY "SamrAlias"
-
-/*
- * Domain discriminator values. Set the top bit to try
- * to distinguish these values from user and group ids.
- */
-#define SAMR_DATABASE_DOMAIN 0x80000001
-#define SAMR_LOCAL_DOMAIN 0x80000002
-#define SAMR_BUILTIN_DOMAIN 0x80000003
-#define SAMR_PRIMARY_DOMAIN 0x80000004
-
+typedef enum {
+ SAMR_KEY_NULL = 0,
+ SAMR_KEY_CONNECT,
+ SAMR_KEY_DOMAIN,
+ SAMR_KEY_USER,
+ SAMR_KEY_GROUP,
+ SAMR_KEY_ALIAS
+} samr_key_t;
+
+typedef struct samr_keydata {
+ samr_key_t kd_key;
+ nt_domain_type_t kd_type;
+ DWORD kd_rid;
+} samr_keydata_t;
+
+static ndr_hdid_t *samr_hdalloc(ndr_xa_t *, samr_key_t, nt_domain_type_t,
+ DWORD);
+static void samr_hdfree(ndr_xa_t *, ndr_hdid_t *);
+static ndr_handle_t *samr_hdlookup(ndr_xa_t *, ndr_hdid_t *, samr_key_t);
static int samr_call_stub(struct mlrpc_xaction *mxa);
-
static DWORD samr_s_enum_local_domains(struct samr_EnumLocalDomain *,
struct mlrpc_xaction *);
@@ -115,6 +118,60 @@ samr_call_stub(struct mlrpc_xaction *mxa)
}
/*
+ * Handle allocation wrapper to setup the local context.
+ */
+static ndr_hdid_t *
+samr_hdalloc(ndr_xa_t *mxa, samr_key_t key, nt_domain_type_t domain_type,
+ DWORD rid)
+{
+ samr_keydata_t *data;
+
+ if ((data = malloc(sizeof (samr_keydata_t))) == NULL)
+ return (NULL);
+
+ data->kd_key = key;
+ data->kd_type = domain_type;
+ data->kd_rid = rid;
+
+ return (ndr_hdalloc(mxa, data));
+}
+
+/*
+ * Handle deallocation wrapper to free the local context.
+ */
+static void
+samr_hdfree(ndr_xa_t *mxa, ndr_hdid_t *id)
+{
+ ndr_handle_t *hd;
+
+ if ((hd = ndr_hdlookup(mxa, id)) != NULL) {
+ free(hd->nh_data);
+ ndr_hdfree(mxa, id);
+ }
+}
+
+/*
+ * Handle lookup wrapper to validate the local context.
+ */
+static ndr_handle_t *
+samr_hdlookup(ndr_xa_t *mxa, ndr_hdid_t *id, samr_key_t key)
+{
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+
+ if ((hd = ndr_hdlookup(mxa, id)) == NULL)
+ return (NULL);
+
+ if ((data = (samr_keydata_t *)hd->nh_data) == NULL)
+ return (NULL);
+
+ if (data->kd_key != key)
+ return (NULL);
+
+ return (hd);
+}
+
+/*
* samr_s_ConnectAnon
*
* This is a request to connect to the local SAM database. We don't
@@ -124,44 +181,38 @@ samr_call_stub(struct mlrpc_xaction *mxa)
*
* Return a handle for use with subsequent SAM requests.
*/
-/*ARGSUSED*/
static int
samr_s_ConnectAnon(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_ConnectAnon *param = arg;
- ms_handle_t *handle;
+ ndr_hdid_t *id;
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR, SAMR_CONNECT_KEY,
- SAMR_DATABASE_DOMAIN);
- bcopy(handle, &param->handle, sizeof (samr_handle_t));
+ id = samr_hdalloc(mxa, SAMR_KEY_CONNECT, NT_DOMAIN_NULL, 0);
+ if (id) {
+ bcopy(id, &param->handle, sizeof (samr_handle_t));
+ param->status = 0;
+ } else {
+ bzero(&param->handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
+ }
- param->status = 0;
return (MLRPC_DRC_OK);
}
/*
* samr_s_CloseHandle
*
- * This is a request to close the SAM interface specified by the handle.
+ * Close the SAM interface specified by the handle.
* Free the handle and zero out the result handle for the client.
- *
- * We could do some checking here but it probably doesn't matter.
*/
-/*ARGSUSED*/
static int
samr_s_CloseHandle(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_CloseHandle *param = arg;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
-#ifdef SAMR_S_DEBUG
- if (mlsvc_lookup_handle((ms_handle_t *)&param->handle) == 0) {
- bzero(&param->result_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
- return (MLRPC_DRC_OK);
- }
-#endif /* SAMR_S_DEBUG */
+ samr_hdfree(mxa, id);
- (void) mlsvc_put_handle((ms_handle_t *)&param->handle);
bzero(&param->result_handle, sizeof (samr_handle_t));
param->status = 0;
return (MLRPC_DRC_OK);
@@ -179,9 +230,8 @@ static int
samr_s_LookupDomain(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_LookupDomain *param = arg;
- char resource_domain[MAXHOSTNAMELEN];
+ char resource_domain[SMB_PI_MAX_DOMAIN];
char *domain_name;
- char *p;
nt_sid_t *sid = NULL;
if ((domain_name = (char *)param->domain_name.str) == NULL) {
@@ -190,11 +240,7 @@ samr_s_LookupDomain(void *arg, struct mlrpc_xaction *mxa)
return (MLRPC_DRC_OK);
}
- smb_config_rdlock();
- p = smb_config_getstr(SMB_CI_DOMAIN_NAME);
- (void) strlcpy(resource_domain, p, MAXHOSTNAMELEN);
- smb_config_unlock();
-
+ (void) smb_getdomainname(resource_domain, SMB_PI_MAX_DOMAIN);
if (mlsvc_is_local_domain(domain_name) == 1) {
sid = nt_sid_dup(nt_domain_local_sid());
} else if (strcasecmp(resource_domain, domain_name) == 0) {
@@ -237,12 +283,10 @@ static int
samr_s_EnumLocalDomains(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_EnumLocalDomain *param = arg;
- ms_handle_t *handle;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
DWORD status;
- handle = (ms_handle_t *)&param->handle;
-
- if (mlsvc_validate_handle(handle, SAMR_CONNECT_KEY) == 0)
+ if (samr_hdlookup(mxa, id, SAMR_KEY_CONNECT) == NULL)
status = NT_STATUS_ACCESS_DENIED;
else
status = samr_s_enum_local_domains(param, mxa);
@@ -308,52 +352,42 @@ samr_s_enum_local_domains(struct samr_EnumLocalDomain *param,
* samr_s_OpenDomain
*
* This is a request to open a domain within the local SAM database.
- * The caller must supply a valid handle obtained via a successful
- * connect. We return a handle to be used to access objects within
- * this domain.
+ * The caller must supply a valid connect handle.
+ * We return a handle to be used to access objects within this domain.
*/
-/*ARGSUSED*/
static int
samr_s_OpenDomain(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_OpenDomain *param = arg;
- ms_handle_t *handle = 0;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
nt_domain_t *domain;
- if (!mlsvc_validate_handle(
- (ms_handle_t *)&param->handle, SAMR_CONNECT_KEY)) {
+ if (samr_hdlookup(mxa, id, SAMR_KEY_CONNECT) == NULL) {
bzero(&param->domain_handle, sizeof (samr_handle_t));
param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
}
- domain = nt_domain_lookup_sid((nt_sid_t *)param->sid);
- if (domain == NULL) {
+ if ((domain = nt_domain_lookup_sid((nt_sid_t *)param->sid)) == NULL) {
bzero(&param->domain_handle, sizeof (samr_handle_t));
param->status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
return (MLRPC_DRC_OK);
}
- switch (domain->type) {
- case NT_DOMAIN_BUILTIN:
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR,
- SAMR_DOMAIN_KEY, SAMR_BUILTIN_DOMAIN);
-
- bcopy(handle, &param->domain_handle, sizeof (samr_handle_t));
- param->status = 0;
- break;
-
- case NT_DOMAIN_LOCAL:
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR,
- SAMR_DOMAIN_KEY, SAMR_LOCAL_DOMAIN);
+ if ((domain->type != NT_DOMAIN_BUILTIN) &&
+ (domain->type != NT_DOMAIN_LOCAL)) {
+ bzero(&param->domain_handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
+ return (MLRPC_DRC_OK);
+ }
- bcopy(handle, &param->domain_handle, sizeof (samr_handle_t));
+ id = samr_hdalloc(mxa, SAMR_KEY_DOMAIN, domain->type, 0);
+ if (id) {
+ bcopy(id, &param->domain_handle, sizeof (samr_handle_t));
param->status = 0;
- break;
-
- default:
+ } else {
bzero(&param->domain_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
}
return (MLRPC_DRC_OK);
@@ -373,13 +407,38 @@ static int
samr_s_QueryDomainInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_QueryDomainInfo *param = arg;
- ms_handle_desc_t *desc;
- char *hostname;
- char *domain_str = "";
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->domain_handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+ char *domain;
+ int alias_cnt;
int rc;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == NULL || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0)) {
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
+ bzero(param, sizeof (struct samr_QueryDomainInfo));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
+ }
+
+ data = (samr_keydata_t *)hd->nh_data;
+
+ switch (data->kd_type) {
+ case NT_DOMAIN_BUILTIN:
+ domain = "Builtin";
+ break;
+
+ case NT_DOMAIN_LOCAL:
+ domain = MLRPC_HEAP_MALLOC(mxa, MAXHOSTNAMELEN);
+ rc = smb_gethostname(domain, MAXHOSTNAMELEN, 1);
+
+ if (rc != 0 || domain == NULL) {
+ bzero(param, sizeof (struct samr_QueryDomainInfo));
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
+ return (MLRPC_DRC_OK);
+ }
+ break;
+
+ default:
bzero(param, sizeof (struct samr_QueryDomainInfo));
param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
return (MLRPC_DRC_OK);
@@ -401,21 +460,13 @@ samr_s_QueryDomainInfo(void *arg, struct mlrpc_xaction *mxa)
break;
case SAMR_QUERY_DOMAIN_INFO_2:
- if (desc->discrim == SAMR_LOCAL_DOMAIN) {
- hostname = MLRPC_HEAP_MALLOC(mxa, MAXHOSTNAMELEN);
- rc = smb_gethostname(hostname, MAXHOSTNAMELEN, 1);
- if (rc != 0 || hostname == NULL) {
- bzero(param,
- sizeof (struct samr_QueryDomainInfo));
- param->status =
- NT_SC_ERROR(NT_STATUS_NO_MEMORY);
- return (MLRPC_DRC_OK);
- }
-
- domain_str = hostname;
- } else {
- if (desc->discrim == SAMR_BUILTIN_DOMAIN)
- domain_str = "Builtin";
+ rc = (data->kd_type == NT_DOMAIN_BUILTIN)
+ ? smb_lgrp_numbydomain(SMB_LGRP_BUILTIN, &alias_cnt)
+ : smb_lgrp_numbydomain(SMB_LGRP_LOCAL, &alias_cnt);
+ if (rc != SMB_LGRP_SUCCESS) {
+ bzero(param, sizeof (struct samr_QueryDomainInfo));
+ param->status = NT_SC_ERROR(NT_STATUS_INTERNAL_ERROR);
+ return (MLRPC_DRC_OK);
}
param->ru.info2.unknown1 = 0x00000000;
@@ -425,7 +476,7 @@ samr_s_QueryDomainInfo(void *arg, struct mlrpc_xaction *mxa)
"", mxa);
(void) mlsvc_string_save(
- (ms_string_t *)&(param->ru.info2.domain), domain_str, mxa);
+ (ms_string_t *)&(param->ru.info2.domain), domain, mxa);
(void) mlsvc_string_save((ms_string_t *)&(param->ru.info2.s2),
"", mxa);
@@ -437,11 +488,7 @@ samr_s_QueryDomainInfo(void *arg, struct mlrpc_xaction *mxa)
param->ru.info2.unknown6 = 0x00000001;
param->ru.info2.num_users = 0;
param->ru.info2.num_groups = 0;
- param->ru.info2.num_aliases =
- (desc->discrim == SAMR_BUILTIN_DOMAIN) ?
- nt_groups_count(NT_GROUP_CNT_BUILTIN) :
- nt_groups_count(NT_GROUP_CNT_LOCAL);
-
+ param->ru.info2.num_aliases = alias_cnt;
param->status = NT_STATUS_SUCCESS;
break;
@@ -466,83 +513,85 @@ static int
samr_s_LookupNames(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_LookupNames *param = arg;
- ms_handle_desc_t *desc;
- struct passwd *pw;
- struct group *gr;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+ well_known_account_t *wka;
+ smb_group_t grp;
+ smb_passwd_t smbpw;
nt_sid_t *sid;
- nt_group_t *grp;
- WORD rid_type;
+ uint32_t status = NT_STATUS_SUCCESS;
+ int rc;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->handle);
- if (desc == 0 || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0)) {
- bzero(param, sizeof (struct samr_LookupNames));
- param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
- return (MLRPC_DRC_OK);
- }
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL)
+ status = NT_STATUS_INVALID_HANDLE;
- if (param->n_entry != 1) {
- bzero(param, sizeof (struct samr_LookupNames));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
- return (MLRPC_DRC_OK);
- }
+ if (param->n_entry != 1)
+ status = NT_STATUS_ACCESS_DENIED;
if (param->name.str == NULL) {
- bzero(param, sizeof (struct samr_LookupNames));
/*
- * Windows NT returns NT_STATUS_NONE_MAPPED when the
- * name is NULL.
+ * Windows NT returns NT_STATUS_NONE_MAPPED.
* Windows 2000 returns STATUS_INVALID_ACCOUNT_NAME.
*/
- param->status = NT_SC_ERROR(NT_STATUS_NONE_MAPPED);
+ status = NT_STATUS_NONE_MAPPED;
+ }
+
+ if (status != NT_STATUS_SUCCESS) {
+ bzero(param, sizeof (struct samr_LookupNames));
+ param->status = NT_SC_ERROR(status);
return (MLRPC_DRC_OK);
}
param->rids.rid = MLRPC_HEAP_NEW(mxa, DWORD);
param->rid_types.rid_type = MLRPC_HEAP_NEW(mxa, DWORD);
- if (desc->discrim == SAMR_BUILTIN_DOMAIN) {
- sid = nt_builtin_lookup_name((char *)param->name.str,
- &rid_type);
+ data = (samr_keydata_t *)hd->nh_data;
- if (sid != 0) {
+ switch (data->kd_type) {
+ case NT_DOMAIN_BUILTIN:
+ wka = nt_builtin_lookup((char *)param->name.str);
+ if (wka != NULL) {
param->rids.n_entry = 1;
- (void) nt_sid_get_rid(sid, &param->rids.rid[0]);
+ (void) nt_sid_get_rid(wka->binsid, &param->rids.rid[0]);
param->rid_types.n_entry = 1;
- param->rid_types.rid_type[0] = rid_type;
+ param->rid_types.rid_type[0] = wka->sid_name_use;
param->status = NT_STATUS_SUCCESS;
- free(sid);
return (MLRPC_DRC_OK);
}
- } else if (desc->discrim == SAMR_LOCAL_DOMAIN) {
- grp = nt_group_getinfo((char *)param->name.str, RWLOCK_READER);
+ break;
- if (grp != NULL) {
+ case NT_DOMAIN_LOCAL:
+ rc = smb_lgrp_getbyname((char *)param->name.str, &grp);
+ if (rc == SMB_LGRP_SUCCESS) {
param->rids.n_entry = 1;
- (void) nt_sid_get_rid(grp->sid, &param->rids.rid[0]);
+ param->rids.rid[0] = grp.sg_rid;
param->rid_types.n_entry = 1;
- param->rid_types.rid_type[0] = *grp->sid_name_use;
+ param->rid_types.rid_type[0] = grp.sg_id.gs_type;
param->status = NT_STATUS_SUCCESS;
- nt_group_putinfo(grp);
+ smb_lgrp_free(&grp);
return (MLRPC_DRC_OK);
}
- if ((pw = getpwnam((const char *)param->name.str)) != NULL) {
- param->rids.n_entry = 1;
- param->rids.rid[0] = SAM_ENCODE_UXUID(pw->pw_uid);
- param->rid_types.n_entry = 1;
- param->rid_types.rid_type[0] = SidTypeUser;
- param->status = NT_STATUS_SUCCESS;
- return (MLRPC_DRC_OK);
+ if (smb_pwd_getpasswd((const char *)param->name.str,
+ &smbpw) != NULL) {
+ if (smb_idmap_getsid(smbpw.pw_uid, SMB_IDMAP_USER,
+ &sid) == IDMAP_SUCCESS) {
+ param->rids.n_entry = 1;
+ (void) nt_sid_get_rid(sid, &param->rids.rid[0]);
+ param->rid_types.n_entry = 1;
+ param->rid_types.rid_type[0] = SidTypeUser;
+ param->status = NT_STATUS_SUCCESS;
+ free(sid);
+ return (MLRPC_DRC_OK);
+ }
}
+ break;
- if ((gr = getgrnam((const char *)param->name.str)) != NULL) {
- param->rids.n_entry = 1;
- param->rids.rid[0] = SAM_ENCODE_UXGID(gr->gr_gid);
- param->rid_types.n_entry = 1;
- param->rid_types.rid_type[0] = SidTypeAlias;
- param->status = NT_STATUS_SUCCESS;
- return (MLRPC_DRC_OK);
- }
+ default:
+ bzero(param, sizeof (struct samr_LookupNames));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
}
param->rids.n_entry = 0;
@@ -559,38 +608,44 @@ samr_s_LookupNames(void *arg, struct mlrpc_xaction *mxa)
* obtained via a successful domain open request. The user is
* specified by the rid in the request.
*/
-/*ARGSUSED*/
static int
samr_s_OpenUser(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_OpenUser *param = arg;
- ms_handle_t *handle;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
- if (!mlsvc_validate_handle(
- (ms_handle_t *)&param->handle, SAMR_DOMAIN_KEY)) {
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
bzero(&param->user_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
return (MLRPC_DRC_OK);
}
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR, SAMR_USER_KEY,
- param->rid);
- bcopy(handle, &param->user_handle, sizeof (samr_handle_t));
+ data = (samr_keydata_t *)hd->nh_data;
+
+ id = samr_hdalloc(mxa, SAMR_KEY_USER, data->kd_type, param->rid);
+ if (id == NULL) {
+ bzero(&param->user_handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
+ } else {
+ bcopy(id, &param->user_handle, sizeof (samr_handle_t));
+ /*
+ * Need QueryUserInfo(level 21).
+ */
+ samr_hdfree(mxa, id);
+ bzero(&param->user_handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
+ }
- /*
- * Need QueryUserInfo(level 21).
- */
- bzero(&param->user_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
}
/*
* samr_s_DeleteUser
*
- * This is a request to delete a user within a specified domain in the
- * local SAM database. The caller should supply a valid user handle but
- * we deny access regardless.
+ * Request to delete a user within a specified domain in the local
+ * SAM database. The caller should supply a valid user handle.
*/
/*ARGSUSED*/
static int
@@ -598,6 +653,7 @@ samr_s_DeleteUser(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_DeleteUser *param = arg;
+ bzero(param, sizeof (struct samr_DeleteUser));
param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
}
@@ -605,6 +661,8 @@ samr_s_DeleteUser(void *arg, struct mlrpc_xaction *mxa)
/*
* samr_s_QueryUserInfo
*
+ * The caller should provide a valid user key.
+ *
* Returns:
* NT_STATUS_SUCCESS
* NT_STATUS_ACCESS_DENIED
@@ -616,60 +674,108 @@ samr_s_QueryUserInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_QueryUserInfo *param = arg;
- if (!mlsvc_validate_handle(
- (ms_handle_t *)&param->user_handle, SAMR_USER_KEY)) {
- bzero(param, sizeof (struct samr_QueryUserInfo));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
- return (MLRPC_DRC_OK);
- }
-
bzero(param, sizeof (struct samr_QueryUserInfo));
- param->status = 0;
+ param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
}
/*
* samr_s_QueryUserGroups
*
- * This is a request to obtain a list of groups of which a user is a
- * member. The user is identified from the handle, which contains an
- * encoded uid in the discriminator field.
- *
- * Get complete list of groups and check for builtin domain.
+ * Request the list of groups of which a user is a member.
+ * The user is identified from the handle, which contains an
+ * rid in the discriminator field. Note that this is a local user.
*/
static int
samr_s_QueryUserGroups(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_QueryUserGroups *param = arg;
struct samr_UserGroupInfo *info;
- ms_handle_desc_t *desc;
- struct passwd *pw;
- DWORD uid;
+ struct samr_UserGroups *group;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->user_handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+ well_known_account_t *wka;
+ nt_sid_t *user_sid = NULL;
+ nt_sid_t *dom_sid;
+ smb_group_t grp;
+ smb_giter_t gi;
+ uint32_t status;
+ int size;
+ int ngrp_max;
+
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_USER)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto query_error;
+ }
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->user_handle);
- if (desc == 0 || strcmp(desc->key, SAMR_USER_KEY)) {
- bzero(param, sizeof (struct samr_QueryUserGroups));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
- return (MLRPC_DRC_OK);
+ data = (samr_keydata_t *)hd->nh_data;
+ switch (data->kd_type) {
+ case NT_DOMAIN_BUILTIN:
+ wka = nt_builtin_lookup("builtin");
+ if (wka == NULL) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto query_error;
+ }
+ dom_sid = wka->binsid;
+ break;
+ case NT_DOMAIN_LOCAL:
+ dom_sid = nt_domain_local_sid();
+ break;
+ default:
+ status = NT_STATUS_INVALID_HANDLE;
+ goto query_error;
+ }
+
+ user_sid = nt_sid_splice(dom_sid, data->kd_rid);
+ if (user_sid == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto query_error;
}
info = MLRPC_HEAP_NEW(mxa, struct samr_UserGroupInfo);
- info->groups = MLRPC_HEAP_NEW(mxa, struct samr_UserGroups);
+ if (info == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto query_error;
+ }
+ bzero(info, sizeof (struct samr_UserGroupInfo));
- uid = SAM_DECODE_RID(desc->discrim);
+ size = 32 * 1024;
+ info->groups = MLRPC_HEAP_MALLOC(mxa, size);
+ if (info->groups == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto query_error;
+ }
+ ngrp_max = size / sizeof (struct samr_UserGroups);
- if ((pw = getpwuid(uid)) != 0) {
- info->n_entry = 1;
- info->groups->rid = SAM_ENCODE_UXGID(pw->pw_gid);
- info->groups->attr = SE_GROUP_MANDATORY
- | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
- param->info = info;
- param->status = 0;
- } else {
- bzero(param, sizeof (struct samr_QueryUserGroups));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
+ if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto query_error;
}
+ info->n_entry = 0;
+ group = info->groups;
+ while ((info->n_entry < ngrp_max) &&
+ (smb_lgrp_iterate(&gi, &grp) == SMB_LGRP_SUCCESS)) {
+ if (smb_lgrp_is_member(&grp, user_sid)) {
+ group->rid = grp.sg_rid;
+ group->attr = grp.sg_attr;
+ group++;
+ info->n_entry++;
+ }
+ smb_lgrp_free(&grp);
+ }
+ smb_lgrp_iterclose(&gi);
+
+ free(user_sid);
+ param->info = info;
+ param->status = NT_STATUS_SUCCESS;
+ return (MLRPC_DRC_OK);
+
+query_error:
+ free(user_sid);
+ bzero(param, sizeof (struct samr_QueryUserGroups));
+ param->status = NT_SC_ERROR(status);
return (MLRPC_DRC_OK);
}
@@ -684,50 +790,59 @@ samr_s_QueryUserGroups(void *arg, struct mlrpc_xaction *mxa)
*
* We return a handle to be used to access information about this group.
*/
-/*ARGSUSED*/
static int
samr_s_OpenGroup(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_OpenGroup *param = arg;
- ms_handle_t *handle;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
- if (!mlsvc_validate_handle(
- (ms_handle_t *)&param->handle, SAMR_DOMAIN_KEY)) {
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
bzero(&param->group_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
return (MLRPC_DRC_OK);
}
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR, SAMR_GROUP_KEY,
- param->rid);
- bcopy(handle, &param->group_handle, sizeof (samr_handle_t));
+ data = (samr_keydata_t *)hd->nh_data;
+ id = samr_hdalloc(mxa, SAMR_KEY_GROUP, data->kd_type, param->rid);
+
+ if (id) {
+ bcopy(id, &param->group_handle, sizeof (samr_handle_t));
+ param->status = 0;
+ } else {
+ bzero(&param->group_handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
+ }
- param->status = 0;
return (MLRPC_DRC_OK);
}
/*
* samr_s_Connect
*
- * This is a request to connect to the local SAM database. We don't
- * support any form of update request and our database doesn't
- * contain any private information, so there is little point in
- * doing any access access checking here.
+ * This is a request to connect to the local SAM database.
+ * We don't support any form of update request and our database doesn't
+ * contain any private information, so there is little point in doing
+ * any access access checking here.
*
* Return a handle for use with subsequent SAM requests.
*/
-/*ARGSUSED*/
static int
samr_s_Connect(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_Connect *param = arg;
- ms_handle_t *handle;
+ ndr_hdid_t *id;
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR,
- SAMR_CONNECT_KEY, SAMR_DATABASE_DOMAIN);
- bcopy(handle, &param->handle, sizeof (samr_handle_t));
+ id = samr_hdalloc(mxa, SAMR_KEY_CONNECT, NT_DOMAIN_NULL, 0);
+ if (id) {
+ bcopy(id, &param->handle, sizeof (samr_handle_t));
+ param->status = 0;
+ } else {
+ bzero(&param->handle, sizeof (samr_handle_t));
+ param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
+ }
- param->status = 0;
return (MLRPC_DRC_OK);
}
@@ -741,24 +856,14 @@ static int
samr_s_GetUserPwInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_GetUserPwInfo *param = arg;
- ms_handle_t *handle;
- DWORD status = 0;
-
- handle = (ms_handle_t *)&param->user_handle;
-
- if (!mlsvc_validate_handle(handle, SAMR_USER_KEY))
- status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
bzero(param, sizeof (struct samr_GetUserPwInfo));
- param->status = status;
+ param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
}
/*
* samr_s_CreateUser
- *
- * This is a request to create a user within a specified domain in the
- * local SAM database. We always deny access.
*/
/*ARGSUSED*/
static int
@@ -816,25 +921,25 @@ samr_s_SetUserInfo(void *arg, struct mlrpc_xaction *mxa)
/*
* samr_s_QueryDispInfo
*
- * This function is supposed to return local users' information.
+ * This function is supposed to return local user information.
* As we don't support local users, this function dosen't send
* back any information.
*
- * I added a peice of code that returns information for Administrator
- * and Guest builtin users. All information are hard-coded which I get
- * from packet captures. Currently, this peice of code is opt-out.
+ * Added template that returns information for Administrator and Guest
+ * builtin users. All information is hard-coded from packet captures.
*/
-/*ARGSUSED*/
static int
samr_s_QueryDispInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_QueryDispInfo *param = arg;
- ms_handle_desc_t *desc;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->domain_handle;
DWORD status = 0;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == NULL || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0))
- status = NT_STATUS_INVALID_HANDLE;
+ if (samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN) == NULL) {
+ bzero(param, sizeof (struct samr_QueryDispInfo));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
+ }
#ifdef SAMR_SUPPORT_USER
if ((desc->discrim != SAMR_LOCAL_DOMAIN) || (param->start_idx != 0)) {
@@ -897,24 +1002,21 @@ samr_s_QueryDispInfo(void *arg, struct mlrpc_xaction *mxa)
* samr_s_EnumDomainGroups
*
*
- * This function is supposed to return local users' information.
+ * This function is supposed to return local group information.
* As we don't support local users, this function dosen't send
* back any information.
*
- * I added a peice of code that returns information for a
- * domain group as None. All information are hard-coded which I get
- * from packet captures. Currently, this peice of code is opt-out.
+ * Added template that returns information for a domain group as None.
+ * All information is hard-coded from packet captures.
*/
-/*ARGSUSED*/
static int
samr_s_EnumDomainGroups(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_EnumDomainGroups *param = arg;
- ms_handle_desc_t *desc;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->domain_handle;
DWORD status = NT_STATUS_SUCCESS;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == NULL || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0))
+ if (samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN) == NULL)
status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
param->total_size = 0;
@@ -964,18 +1066,17 @@ samr_s_EnumDomainGroups(void *arg, struct mlrpc_xaction *mxa)
* for that alias. The alias domain sid should match with
* the passed domain handle.
*/
-/*ARGSUSED*/
static int
samr_s_OpenAlias(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_OpenAlias *param = arg;
- ms_handle_desc_t *desc = 0;
- ms_handle_t *handle;
- nt_group_t *grp;
- DWORD status = NT_STATUS_SUCCESS;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->domain_handle;
+ ndr_handle_t *hd;
+ uint32_t status;
+ samr_keydata_t *data;
+ int rc;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == 0 || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0)) {
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
status = NT_STATUS_INVALID_HANDLE;
goto open_alias_err;
}
@@ -985,25 +1086,21 @@ samr_s_OpenAlias(void *arg, struct mlrpc_xaction *mxa)
goto open_alias_err;
}
- grp = nt_groups_lookup_rid(param->rid);
- if (grp == 0) {
+ data = (samr_keydata_t *)hd->nh_data;
+ rc = smb_lgrp_getbyrid(param->rid, (smb_gdomain_t)data->kd_type, NULL);
+ if (rc != SMB_LGRP_SUCCESS) {
status = NT_STATUS_NO_SUCH_ALIAS;
goto open_alias_err;
}
- if (((desc->discrim == SAMR_LOCAL_DOMAIN) &&
- !nt_sid_is_local(grp->sid)) ||
- ((desc->discrim == SAMR_BUILTIN_DOMAIN) &&
- !nt_sid_is_builtin(grp->sid))) {
- status = NT_STATUS_NO_SUCH_ALIAS;
- goto open_alias_err;
+ id = samr_hdalloc(mxa, SAMR_KEY_ALIAS, data->kd_type, param->rid);
+ if (id) {
+ bcopy(id, &param->alias_handle, sizeof (samr_handle_t));
+ param->status = NT_STATUS_SUCCESS;
+ return (MLRPC_DRC_OK);
}
- handle = mlsvc_get_handle(MLSVC_IFSPEC_SAMR, SAMR_ALIAS_KEY,
- param->rid);
- bcopy(handle, &param->alias_handle, sizeof (samr_handle_t));
- param->status = 0;
- return (MLRPC_DRC_OK);
+ status = NT_STATUS_NO_MEMORY;
open_alias_err:
bzero(&param->alias_handle, sizeof (samr_handle_t));
@@ -1025,33 +1122,29 @@ static int
samr_s_CreateDomainAlias(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_CreateDomainAlias *param = arg;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->alias_handle;
+
+ if (samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN) == NULL) {
+ bzero(param, sizeof (struct samr_CreateDomainAlias));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
+ }
+
+ bzero(param, sizeof (struct samr_CreateDomainAlias));
+ param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
+ return (MLRPC_DRC_OK);
#ifdef SAMR_SUPPORT_ADD_ALIAS
DWORD status = NT_STATUS_SUCCESS;
- ms_handle_desc_t *desc = 0;
- ms_handle_t *handle;
nt_group_t *grp;
char *alias_name;
-#endif
- bzero(&param->alias_handle, sizeof (samr_handle_t));
- param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
- return (MLRPC_DRC_OK);
-#ifdef SAMR_SUPPORT_ADD_ALIAS
alias_name = param->alias_name.str;
if (alias_name == 0) {
status = NT_STATUS_INVALID_PARAMETER;
goto create_alias_err;
}
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == 0 ||
- (desc->discrim != SAMR_LOCAL_DOMAIN) ||
- (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0)) {
- status = NT_STATUS_INVALID_HANDLE;
- goto create_alias_err;
- }
-
/*
* Check access mask. User should be member of
* Administrators or Account Operators local group.
@@ -1087,19 +1180,17 @@ create_alias_err:
/*
* samr_s_SetAliasInfo
*
- * For more information you can look at MSDN page for NetLocalGroupSetInfo.
+ * Similar to NetLocalGroupSetInfo.
*/
-/*ARGSUSED*/
static int
samr_s_SetAliasInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_SetAliasInfo *param = arg;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->alias_handle;
DWORD status = NT_STATUS_SUCCESS;
- if (!mlsvc_validate_handle(
- (ms_handle_t *)&param->alias_handle, SAMR_ALIAS_KEY)) {
+ if (samr_hdlookup(mxa, id, SAMR_KEY_ALIAS) == NULL)
status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
- }
param->status = status;
return (MLRPC_DRC_OK);
@@ -1115,18 +1206,22 @@ static int
samr_s_QueryAliasInfo(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_QueryAliasInfo *param = arg;
- ms_handle_desc_t *desc;
- nt_group_t *grp;
- DWORD status;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->alias_handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+ smb_group_t grp;
+ uint32_t status;
+ int rc;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->alias_handle);
- if (desc == NULL || (strcmp(desc->key, SAMR_ALIAS_KEY) != 0)) {
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_ALIAS)) == NULL) {
status = NT_STATUS_INVALID_HANDLE;
goto query_alias_err;
}
- grp = nt_groups_lookup_rid(desc->discrim);
- if (grp == NULL) {
+ data = (samr_keydata_t *)hd->nh_data;
+ rc = smb_lgrp_getbyrid(data->kd_rid, (smb_gdomain_t)data->kd_type,
+ &grp);
+ if (rc != SMB_LGRP_SUCCESS) {
status = NT_STATUS_NO_SUCH_ALIAS;
goto query_alias_err;
}
@@ -1135,10 +1230,10 @@ samr_s_QueryAliasInfo(void *arg, struct mlrpc_xaction *mxa)
case SAMR_QUERY_ALIAS_INFO_1:
param->ru.info1.level = param->level;
(void) mlsvc_string_save(
- (ms_string_t *)&param->ru.info1.name, grp->name, mxa);
+ (ms_string_t *)&param->ru.info1.name, grp.sg_name, mxa);
(void) mlsvc_string_save(
- (ms_string_t *)&param->ru.info1.desc, grp->comment, mxa);
+ (ms_string_t *)&param->ru.info1.desc, grp.sg_cmnt, mxa);
param->ru.info1.unknown = 1;
break;
@@ -1146,15 +1241,16 @@ samr_s_QueryAliasInfo(void *arg, struct mlrpc_xaction *mxa)
case SAMR_QUERY_ALIAS_INFO_3:
param->ru.info3.level = param->level;
(void) mlsvc_string_save(
- (ms_string_t *)&param->ru.info3.desc, grp->comment, mxa);
-
+ (ms_string_t *)&param->ru.info3.desc, grp.sg_cmnt, mxa);
break;
default:
+ smb_lgrp_free(&grp);
status = NT_STATUS_INVALID_INFO_CLASS;
goto query_alias_err;
};
+ smb_lgrp_free(&grp);
param->address = (DWORD)(uintptr_t)&param->ru;
param->status = 0;
return (MLRPC_DRC_OK);
@@ -1176,28 +1272,26 @@ query_alias_err:
* This RPC is used by CMC and right now it returns access denied.
* The peice of code that removes a local group doesn't get compiled.
*/
-/*ARGSUSED*/
static int
samr_s_DeleteDomainAlias(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_DeleteDomainAlias *param = arg;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->alias_handle;
-#ifdef SAMR_SUPPORT_DEL_ALIAS
- ms_handle_desc_t *desc = 0;
- nt_group_t *grp;
- char *alias_name;
- DWORD status;
-#endif
+ if (samr_hdlookup(mxa, id, SAMR_KEY_ALIAS) == NULL) {
+ bzero(param, sizeof (struct samr_DeleteDomainAlias));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
+ }
+ bzero(param, sizeof (struct samr_DeleteDomainAlias));
param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
return (MLRPC_DRC_OK);
#ifdef SAMR_SUPPORT_DEL_ALIAS
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->alias_handle);
- if (desc == 0 || (strcmp(desc->key, SAMR_ALIAS_KEY) != 0)) {
- status = NT_STATUS_INVALID_HANDLE;
- goto delete_alias_err;
- }
+ nt_group_t *grp;
+ char *alias_name;
+ DWORD status;
grp = nt_groups_lookup_rid(desc->discrim);
if (grp == 0) {
@@ -1234,77 +1328,65 @@ static int
samr_s_EnumDomainAliases(void *arg, struct mlrpc_xaction *mxa)
{
struct samr_EnumDomainAliases *param = arg;
- ms_handle_desc_t *desc;
- nt_group_t *grp = NULL;
- DWORD status;
- nt_group_iterator_t *gi;
- nt_sid_t *local_sid;
- nt_sid_t *builtin_sid;
- nt_sid_t *sid;
- DWORD cnt, skip;
+ ndr_hdid_t *id = (ndr_hdid_t *)&param->domain_handle;
+ ndr_handle_t *hd;
+ samr_keydata_t *data;
+ smb_group_t grp;
+ smb_giter_t gi;
+ int cnt, skip, i;
struct name_rid *info;
- desc = mlsvc_lookup_handle((ms_handle_t *)&param->domain_handle);
- if (desc == NULL || (strcmp(desc->key, SAMR_DOMAIN_KEY) != 0)) {
- status = NT_STATUS_INVALID_HANDLE;
- goto enum_alias_err;
+ if ((hd = samr_hdlookup(mxa, id, SAMR_KEY_DOMAIN)) == NULL) {
+ bzero(param, sizeof (struct samr_EnumDomainAliases));
+ param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
+ return (MLRPC_DRC_OK);
}
- local_sid = nt_domain_local_sid();
- builtin_sid = nt_builtin_lookup_name("BUILTIN", 0);
+ data = (samr_keydata_t *)hd->nh_data;
- if (desc->discrim == SAMR_LOCAL_DOMAIN) {
- sid = local_sid;
- } else if (desc->discrim == SAMR_BUILTIN_DOMAIN) {
- sid = builtin_sid;
- } else {
- status = NT_STATUS_INVALID_HANDLE;
- goto enum_alias_err;
- }
+ (void) smb_lgrp_numbydomain((smb_gdomain_t)data->kd_type, &cnt);
+ if (cnt <= param->resume_handle) {
+ param->aliases = (struct aliases_info *)MLRPC_HEAP_MALLOC(mxa,
+ sizeof (struct aliases_info));
- cnt = skip = 0;
- gi = nt_group_open_iterator();
- nt_group_ht_lock(RWLOCK_READER);
- while ((grp = nt_group_iterate(gi)) != 0) {
- if (skip++ < param->resume_handle)
- continue;
- if (nt_sid_is_indomain(sid, grp->sid))
- cnt++;
+ bzero(param->aliases, sizeof (struct aliases_info));
+ param->out_resume = 0;
+ param->entries = 0;
+ param->status = NT_STATUS_SUCCESS;
+ return (MLRPC_DRC_OK);
}
- nt_group_ht_unlock();
- nt_group_close_iterator(gi);
+ cnt -= param->resume_handle;
param->aliases = (struct aliases_info *)MLRPC_HEAP_MALLOC(mxa,
sizeof (struct aliases_info) + (cnt-1) * sizeof (struct name_rid));
- param->aliases->count = cnt;
- param->aliases->address = cnt;
- info = param->aliases->info;
+ if (smb_lgrp_iteropen(&gi) != SMB_LGRP_SUCCESS) {
+ bzero(param, sizeof (struct samr_EnumDomainAliases));
+ param->status = NT_SC_ERROR(NT_STATUS_INTERNAL_ERROR);
+ return (MLRPC_DRC_OK);
+ }
- skip = 0;
- gi = nt_group_open_iterator();
- nt_group_ht_lock(RWLOCK_READER);
- while ((grp = nt_group_iterate(gi)) != NULL) {
- if (skip++ < param->resume_handle)
- continue;
- if (nt_sid_is_indomain(sid, grp->sid)) {
- (void) nt_sid_get_rid(grp->sid, &info->rid);
+ skip = i = 0;
+ info = param->aliases->info;
+ while (smb_lgrp_iterate(&gi, &grp) == SMB_LGRP_SUCCESS) {
+ if ((skip++ >= param->resume_handle) &&
+ (grp.sg_domain == data->kd_type) && (i++ < cnt)) {
+ info->rid = grp.sg_rid;
(void) mlsvc_string_save((ms_string_t *)&info->name,
- grp->name, mxa);
+ grp.sg_name, mxa);
info++;
}
+ smb_lgrp_free(&grp);
}
- nt_group_ht_unlock();
- nt_group_close_iterator(gi);
+ smb_lgrp_iterclose(&gi);
- param->out_resume = cnt;
- param->entries = cnt;
- param->status = 0;
- return (MLRPC_DRC_OK);
+ param->aliases->count = i;
+ param->aliases->address = i;
-enum_alias_err:
- param->status = NT_SC_ERROR(status);
+ param->out_resume = i;
+ param->entries = i;
+ param->status = 0;
return (MLRPC_DRC_OK);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-29 23:00:40 +0000