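pdb_free_sam(&sampass);
	return NT_STATUS_OK;
}

/*************************************************************************
 get_user_info_21

 Fill a level-21 user info structure for the account identified by
 user_sid.  The passdb lookup runs as root (become_root/unbecome_root);
 the SAM_ACCOUNT is allocated on mem_ctx and released before returning.

 Returns the status of pdb_init_sam_talloc() or init_sam_user_info21A()
 when either fails, NT_STATUS_NO_SUCH_USER when the SID is unknown,
 NT_STATUS_OK otherwise.
 *************************************************************************/

static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, DOM_SID *user_sid, DOM_SID *domain_sid)
{
	SAM_ACCOUNT *sampass=NULL;
	BOOL ret;
	NTSTATUS nt_status;

	nt_status = pdb_init_sam_talloc(mem_ctx, &sampass);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	/* passdb access needs root privilege */
	become_root();
	ret = pdb_getsampwsid(sampass, user_sid);
	unbecome_root();

	if (ret == False) {
		DEBUG(4,("User %s not found\n", sid_string_static(user_sid)));
		return NT_STATUS_NO_SUCH_USER;
	}

	/* presumably strips password material before the record is
	 * marshalled back to the client -- confirm against samr_clear_sam_passwd() */
	samr_clear_sam_passwd(sampass);

	DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));

	ZERO_STRUCTP(id21);
	nt_status = init_sam_user_info21A(id21, sampass, domain_sid);

	pdb_free_sam(&sampass);

	/* propagate the init status instead of unconditionally reporting
	 * success; callers already check the result */
	return nt_status;
}

/*******************************************************************
 _samr_query_userinfo

 Return the user info level requested in q_u->switch_value for the
 user handle q_u->pol.  Supported levels: 7, 9, 16, 18, 20, 21; any
 other level yields NT_STATUS_INVALID_INFO_CLASS.  All per-level
 structures are allocated on p->mem_ctx.

 NOTE(review): unlike _samr_query_usergroups(), no
 access_check_samr_function() is applied to the handle's granted
 rights here; level 18 alone is handed the pipe (p), presumably so
 get_user_info_18() can check caller privilege itself -- confirm.
 ********************************************************************/

NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
{
	SAM_USERINFO_CTR *ctr;
	struct samr_info *info = NULL;
	DOM_SID domain_sid;
	uint32 rid;

	r_u->status=NT_STATUS_OK;

	/* search for the handle */
	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
		return NT_STATUS_INVALID_HANDLE;

	/* domain_sid is the handle's SID with the trailing RID removed;
	 * only level 21 needs it (rid itself is not used further) */
	domain_sid = info->sid;

	sid_split_rid(&domain_sid, &rid);

	if (!sid_check_is_in_our_domain(&info->sid))
		return NT_STATUS_OBJECT_TYPE_MISMATCH;

	DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));

	ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
	if (!ctr)
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(ctr);

	/* ok!  user info levels (lots: see MSDEV help), off we go... */
	ctr->switch_value = q_u->switch_value;

	DEBUG(5,("_samr_query_userinfo: user info level: %d\n", q_u->switch_value));

	switch (q_u->switch_value) {
	case 7:
		ctr->info.id7 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_7);
		if (ctr->info.id7 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_7(p->mem_ctx, ctr->info.id7, &info->sid)))
			return r_u->status;
		break;
	case 9:
		ctr->info.id9 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_9);
		if (ctr->info.id9 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_9(p->mem_ctx, ctr->info.id9, &info->sid)))
			return r_u->status;
		break;
	case 16:
		ctr->info.id16 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_16);
		if (ctr->info.id16 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_16(p->mem_ctx, ctr->info.id16, &info->sid)))
			return r_u->status;
		break;
	/* Level 17 is not implemented (a previously #if 0'd attempt was
	 * removed); it is answered with NT_STATUS_INVALID_INFO_CLASS below. */
	case 18:
		ctr->info.id18 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_18);
		if (ctr->info.id18 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_18(p, p->mem_ctx, ctr->info.id18, &info->sid)))
			return r_u->status;
		break;
	case 20:
		ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
		if (ctr->info.id20 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
			return r_u->status;
		break;
	case 21:
		ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
		if (ctr->info.id21 == NULL)
			return NT_STATUS_NO_MEMORY;

		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, &info->sid, &domain_sid)))
			return r_u->status;
		break;
	default:
		return NT_STATUS_INVALID_INFO_CLASS;
	}

	init_samr_r_query_userinfo(r_u, ctr, r_u->status);

	DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__));

	return r_u->status;
}

/*******************************************************************
 samr_reply_query_usergroups

 Return the domain groups the user behind q_u->pol is a member of.
 Requires SA_RIGHT_USER_GET_GROUPS on the handle.  Only SIDs that
 carry our own domain SID are converted to RIDs; the DOM_GID array is
 allocated on p->mem_ctx.

 Returns NT_STATUS_INVALID_HANDLE, NT_STATUS_ACCESS_DENIED (via
 access_check_samr_function), NT_STATUS_OBJECT_TYPE_MISMATCH,
 NT_STATUS_NO_SUCH_USER, NT_STATUS_NO_MEMORY, the status of
 pdb_enum_group_memberships(), or NT_STATUS_OK.
 ********************************************************************/

NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
{
	SAM_ACCOUNT *sam_pass=NULL;
	struct passwd *passwd;
	DOM_SID  sid;
	DOM_SID *sids;
	DOM_GID *gids = NULL;
	size_t num_groups = 0;
	gid_t *unix_gids;
	size_t i, num_gids;
	uint32 acc_granted;
	BOOL ret;
	NTSTATUS result;

	/*
	 * from the SID in the request:
	 * we should send back the list of DOMAIN GROUPS
	 * the user is a member of
	 *
	 * and only the DOMAIN GROUPS
	 * no ALIASES !!! neither aliases of the domain
	 * nor aliases of the builtin SID
	 *
	 * JFM, 12/2/2001
	 */

	r_u->status = NT_STATUS_OK;

	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));

	/* find the policy handle.  open a policy on it. */
	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
		return NT_STATUS_INVALID_HANDLE;

	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
		return r_u->status;
	}

	if (!sid_check_is_in_our_domain(&sid))
		return NT_STATUS_OBJECT_TYPE_MISMATCH;

	/* pdb_init_sam() can fail; a NULL sam_pass would be dereferenced
	 * by pdb_getsampwsid() */
	result = pdb_init_sam(&sam_pass);
	if (!NT_STATUS_IS_OK(result)) {
		return result;
	}

	become_root();
	ret = pdb_getsampwsid(sam_pass, &sid);
	unbecome_root();

	if (ret == False) {
		pdb_free_sam(&sam_pass);
		return NT_STATUS_NO_SUCH_USER;
	}

	passwd = getpwnam_alloc(pdb_get_username(sam_pass));
	if (passwd == NULL) {
		pdb_free_sam(&sam_pass);
		return NT_STATUS_NO_SUCH_USER;
	}

	sids = NULL;

	become_root();
	result = pdb_enum_group_memberships(pdb_get_username(sam_pass),
					    passwd->pw_gid,
					    &sids, &unix_gids, &num_groups);
	unbecome_root();

	pdb_free_sam(&sam_pass);
	passwd_free(&passwd);

	if (!NT_STATUS_IS_OK(result))
		return result;

	/* only the SIDs are needed from here on */
	SAFE_FREE(unix_gids);

	gids = NULL;
	num_gids = 0;

	for (i=0; i<num_groups; i++) {
		uint32 rid;
		DOM_GID *tmp;

		/* skip SIDs that are not relative to our own domain SID */
		if (!sid_peek_check_rid(get_global_sam_sid(),
					&(sids[i]), &rid))
			continue;

		tmp = TALLOC_REALLOC_ARRAY(p->mem_ctx, gids, DOM_GID, num_gids+1);
		if (tmp == NULL) {
			SAFE_FREE(sids);
			return NT_STATUS_NO_MEMORY;
		}
		gids = tmp;

		gids[num_gids].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED);
		gids[num_gids].g_rid = rid;
		num_gids += 1;
	}
	SAFE_FREE(sids);

	/* construct the response.  lkclXXXX: gids are not copied!
	 *
	 * The entry count must be num_gids (entries actually stored in
	 * gids), not num_groups: every SID skipped above would otherwise
	 * make the marshaller read past the end of the gids array. */
	init_samr_r_query_usergroups(r_u, num_gids, gids, r_u->status);

	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));

	return r_u->status;
}

/*******************************************************************
 _samr_query_dom_info

 Return the domain info level q_u->switch_value for the domain
 handle q_u->domain_pol.  Levels reading account policy or sequence
 numbers from passdb do so between become_root()/unbecome_root().
 Supported levels: 0x01, 0x02, 0x03, 0x05, 0x06, 0x07, 0x08, 0x0c;
 others return NT_STATUS_INVALID_INFO_CLASS.
 ********************************************************************/

NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u)
{
	struct samr_info *info = NULL;
	SAM_UNK_CTR *ctr;
	uint32 min_pass_len,pass_hist,flag;
	time_t u_expire, u_min_age;
	NTTIME nt_expire, nt_min_age;

	time_t u_lock_duration, u_reset_time;
	NTTIME nt_lock_duration, nt_reset_time;
	uint32 lockout;

	time_t u_logout;
	NTTIME nt_logout;

	uint32 account_policy_temp;

	time_t seq_num;
	uint32 server_role;

	uint32 num_users=0, num_groups=0, num_aliases=0;

	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	ZERO_STRUCTP(ctr);

	r_u->status = NT_STATUS_OK;

	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));

	/* find the policy handle.  open a policy on it. */
	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info)) {
		return NT_STATUS_INVALID_HANDLE;
	}

	switch (q_u->switch_value) {
		case 0x01:

			become_root();

			/* AS ROOT !!! */

			pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
			min_pass_len = account_policy_temp;

			pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp);
			pass_hist = account_policy_temp;

			pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp);
			flag = account_policy_temp;

			pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp);
			u_expire = account_policy_temp;

			pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
			u_min_age = account_policy_temp;

			/* !AS ROOT */

			unbecome_root();

			unix_to_nt_time_abs(&nt_expire, u_expire);
			unix_to_nt_time_abs(&nt_min_age, u_min_age);

			init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
				       flag, nt_expire, nt_min_age);
			break;
		case 0x02:

			become_root();

			/* AS ROOT !!! */

			num_users = count_sam_users(info->disp_info, ACB_NORMAL);
			num_groups = count_sam_groups(info->disp_info);
			num_aliases = count_sam_aliases(info->disp_info);

			pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
			u_logout = account_policy_temp;

			unix_to_nt_time_abs(&nt_logout, u_logout);

			/* fall back to the current time when passdb has no sequence number */
			if (!pdb_get_seq_num(&seq_num))
				seq_num = time(NULL);

			/* !AS ROOT */

			unbecome_root();

			server_role = ROLE_DOMAIN_PDC;
			if (lp_server_role() == ROLE_DOMAIN_BDC)
				server_role = ROLE_DOMAIN_BDC;

			init_unk_info2(&ctr->info.inf2, lp_serverstring(), lp_workgroup(), global_myname(), seq_num,
				       num_users, num_groups, num_aliases, nt_logout, server_role);
			break;
		case 0x03:

			become_root();

			/* AS ROOT !!! */

			/* read into the uint32 temporary like the other levels;
			 * writing through an (unsigned int *) cast into a time_t
			 * only filled part of the object where time_t is wider */
			pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
			u_logout = account_policy_temp;

			/* !AS ROOT */

			unbecome_root();

			unix_to_nt_time_abs(&nt_logout, u_logout);

			init_unk_info3(&ctr->info.inf3, nt_logout);
			break;
		case 0x05:
			init_unk_info5(&ctr->info.inf5, global_myname());
			break;
		case 0x06:
			init_unk_info6(&ctr->info.inf6);
			break;
		case 0x07:
			server_role = ROLE_DOMAIN_PDC;
			if (lp_server_role() == ROLE_DOMAIN_BDC)
				server_role = ROLE_DOMAIN_BDC;

			init_unk_info7(&ctr->info.inf7, server_role);
			break;
		case 0x08:

			become_root();

			/* AS ROOT !!! */

			if (!pdb_get_seq_num(&seq_num)) {
				seq_num = time(NULL);
			}

			/* !AS ROOT */

			unbecome_root();

			init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
			break;
		case 0x0c:

			become_root();

			/* AS ROOT !!! */

			pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
			u_lock_duration = account_policy_temp;
			/* -1 means "forever" and must not be scaled.
			 * NOTE(review): with a 64-bit time_t the uint32 value
			 * 0xffffffff does not compare equal to -1 here -- confirm
			 * how the sentinel is stored and handled by unix_to_nt_time_abs(). */
			if (u_lock_duration != -1) {
				u_lock_duration *= 60;
			}

			/* policy values are in minutes; the wire format wants seconds */
			pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
			u_reset_time = account_policy_temp * 60;

			pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
			lockout = account_policy_temp;

			/* !AS ROOT */

			unbecome_root();

			unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
			unix_to_nt_time_abs(&nt_reset_time, u_reset_time);

			init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
			break;
		default:
			return NT_STATUS_INVALID_INFO_CLASS;
	}

	init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);

	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));

	return r_u->status;
}

/*******************************************************************
 _samr_create_user
 Create an account, can be either a normal user or a machine.
 This funcion will need to be updated for bdc/domain trusts.
 ********************************************************************/

NTSTATUS _samr_create_user(pipes_str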